An industry cop has slapped Lincoln National Corp.'s broker-dealer and financial advisor with a $600,000 fine, saying the units had no idea who was accessing client records for years at a time.
The Financial Industry Regulatory Authority said Thursday that Lincoln Financial Securities Inc. and Lincoln Financial Advisors Corp. let employees use shared usernames and passwords to access customer records from any web browser on any network. From 2002 to 2009, 1 million customer account records were accessed through the shared logins, FINRA said.
Anyone with the password could see clients' names, social security numbers, birth dates, e-mail addresses and account balances, FINRA said. It said the passwords were not changed, even when employees who knew them left the company.
Under rules issued by FINRA and the Securities and Exchange Commission, broker-dealers must safeguard customer information and develop written rules and procedures.
LFS was fined $450,000 for lax data security over seven years. FINRA fined LFA $150,000 for similar violations over a three-year stretch.
As part of the settlement, LFS and LFA neither admitted nor denied the charges.
FINRA is a self-regulatory group that writes and enforces rules for securities broker-dealers and exchanges. It is overseen by the SEC.
LFS and LFA are part of Lincoln National Corp., the corporate name of Lincoln Financial Group. Lincoln, based in Radnor, Penn., sells life insurance and retirement products such as annuities, and offers other financial services.
Lincoln shares rose 22 cents to $32.49 Thursday.