The U.S. Commodity Futures Trading Commission has hit Philips Capital Inc., a Chicago-based brokerage firm, with a $500,000 civil monetary penalty for security missteps before and after a 2018 data breach, which resulted in the theft of $1 million from client accounts.
In the commission’s order order, which was announced Friday, Philips Capital also acknowledges it has paid restitution of $1 million to customers whose money was stolen.
The commission, an independent federal agency that regulates futures and options markets, found that Philip Capital did not follow U.S. regulatory requirements for informing customers of the breach in a timely way. It also found that the brokerage allowed cybercriminals to breach its systems, access customer information and steal money from clients. And it faulted the company for not making sure its employees followed written cybersecurity guidelines.
A representative of Philip Capital, which is part of the Singapore-based Phillip Capital Group, did not respond to a request for comment. more