
The S.E.C. Dusts Off a Never-Used Cyber Enforcement Tool - walterbell
https://www.nytimes.com/2018/10/08/business/dealbook/voya-sec-cyber.html
======
shshhdhs
> In a cease-and-desist order against Voya Financial Advisors, the investment
> advisory unit of Voya Financial, the commission used the “Identity Theft Red
> Flags Rule” to censure the firm for allowing hackers to access social
> security numbers, account balances and even details of client investment
> accounts.

I’d like to see them use this more often.

~~~
gcb0
I'd like them to conciliate this rule with companies whose only business
purposes are to sell that data, like TLO from the other HN frontpage article.

Even ignoring the fact that their data finds way into automating identity
theft financial fraud, it should have been impossible to conciliate a business
which purpose is to sell your data (with no consent or even ever interacting
with you) with any identy and data protection law.

if anything, those two things happening show that financial laws are also
arbitrarily enforced. being a small bank, or from east asia, you will feel the
wrath of the law (e.g. voya, hsbc money laudering, etc). but if you are a huge
american financial institutions you can get away with even more (e.g. bank of
america many many recent woes in data loss and consumer abuse).

------
inetsee
Voya is the administrator of one on my financial accounts. I'm wondering if I
should take my money out of this account and move it to another financial
administrator. My first thought is "how would I find out whether my other
financial administrator is any better at security than Voya?"

~~~
castratikron
Try to impersonate an investment representative and see how far you get

