Cash App Investing LLC has agreed to pay a fine of $ 375,000 as part of a settlement with the Financial Industry Regulatory Authority (Finra).
Between October 2019 and March 2022, cash investment failed to create and maintain a supervisory system that was reasonably designed to preserve customer information.
In November 2019, representative A was designed and created the database of the business reconciliation of the business, which was maintained on a web that was outside the company’s data security network. The database included non -public personal information of customers, including names, account numbers, account prices and account entries.
The database is subject to separate data security protections, including multiple factors, and required separate access credentials. Representative A was the only person who regularly had access to the database from October 2019 until he resigned from the business in October 2021.
During the relative period, the company had a cyber security policy and written supervisory procedures that required the company to immediately disable the former employees’ access and to monitor for unauthorized access to the databases and the company’s network. However, the company’s supervisory system to disable access credentials for the departure of employees did not acquire the use of the commercial reconciliation database.
In addition, the company did not attend the trade database for unauthorized access. When it represents the investment in left -wing cash application, the business does not end its access to the reconciliation system, although it has finished access to other fixed systems. Starting in October 2021, the company began moving the system of commercial reconciliation to data security infrastructure.
However, in December 2021, prior to the completion of the transition, it represents access to the commercial reconciliation system and made six reports containing the names and account numbers for the company’s approximate 8.2 million customers. Reports also contained account value and account entries for about 3.4 million customers.
Reports accessed by representative A did not include customer social security numbers, birth dates, addresses, bank account information, payment card information or information sufficient to connect with cash lining accounts, such as usernames or passwords.
Cash investment did not detect the unauthorized access of the representative of the commercial reconciliation until March 2022.
With the failure to determine a supervisory system that is reasonably designed to safeguard the files and information of the customers as described above, cash lining violated the rule 30 (a) of the SP regulation and the FINRA 31 l0 (A), 31 L0 (B) and 2010 rules.
In addition to the fine of $ 375,000, the company has consent to a accusation.
Cash App Investing has been a member of Finra since October 2007. The company, based in Portland, Oregon, employs about 30 registered representatives in a branch. Since about October 2019, the company has offered self-directed retail investors through its mobile application.