Centaurus Financial fined $175,000 for misleading customers about ID theft

April 29, 2009 - 8:37am | Law aspects | News |
FINRA, the Financial Industry Regulatory Authority, has imposed a fine of $175,000 on Centaurus Financial Inc. for failing to protect certain confidential customer information. FINRA also ordered Centaurus Financial to send notifications to the affected customers. In addition, Centaurus Financial will offer those customers one year of free credit monitoring.

FINRA found that Centaurus Financial's computer firewall was improperly configured and that the username and password on its facsimile server were weak. Taken together, these failings led to unauthorized access to confidential information, such as account numbers, Social Security numbers and other personal data of customers. The weaknesses in the company's information security system also allowed malefactors to conduct a "phishing" scam. After discovering the phishing scam, Centaurus Financial carried out an improper investigation and sent inappropriate, misleading notifications to its 1,400 affected customers.

According to Susan L. Merrill, FINRA Executive Vice President and Chief of Enforcement, a firm should protect confidential customer information and respond adequately to unauthorized access to its systems. Once unauthorized access is discovered, the firm should conduct an effective investigation and notify all affected customers in a proper way, she added.

FINRA found that on July 15, 2007, Centaurus Financial's fax server was used by unauthorized persons to host a phishing scam. Phishing scams trick computer users into disclosing their confidential information. The fax server held a file imitating a popular internet auction. Over a three-day period there were 894 unauthorized logins.

After the phishing scam was revealed, Centaurus Financial sent misleading letters to approximately 1,400 customers stating that the unauthorized access had been made by only one person and that the confidential information had not been available. The letters said nothing about the other unauthorized logins to the system or about the real causes of the unauthorized access, such as the improperly configured firewall and the weak username and password on the fax server.




