Financial Services Company Pays $1 Million to SEC
Financial services firm, Voya Financial, will pay the Securities and Exchange Commission (SEC) to settle claims that it violated a nascent rule to prevent identity theft, the Identity Theft Red Flags Rule. In April 2016 Voya experienced a cybersecurity breach when the perpetrators impersonated contractors for a unit of Voya and arranged to reset the contractors’ passwords. As a result, the intruders obtained the personal information and account information of thousands of customers. No unauthorized transfers occurred as a result of the breach. The SEC accused Voya of weaknesses in its cybersecurity procedures and accepted Voya’s compromise of its first ever case under the rule.