Jacko Law Group, PC
Call Today for a Consultation
San Diego 619-298-2880 San Francisco 415-766-3599 Los Angeles 213-631-2549

Voya Financial Advisors, Inc. -- System Glitch Reveals Broker's Information


Cybersecurity and information security protocols have become industry-wide priorities, both to the regulatory bodies that oversee our business practices and to the customers who trust that firms' policies and procedures are up-to-date and robust.

This same principle extends also to a firm's employees, who need their personally identifying information (PII) kept safe, as well.

Voya Financial Advisors Inc. recently informed its associated brokers and financial advisers that a system glitch on a biography webpage had put their Social Security Numbers at risk of exposure.

On the Voya Financial "Find a Professional" webpage, a visitor could paste the direct link assigned to a Voya broker's biography page into a text message or on social media, and the broker's full Social Security Number would be displayed in the link.

This error left sensitive data vulnerable to exploitation and existed from early April 2016 until late November 2018, though the firm reports no evidence exists that the information was exploited for malicious purposes.

Voya International: Another Incident

This failure to secure important information at Voya Financial is the latest instance in a series of similar errors across the financial industry that have left sensitive information vulnerable.

In fact, this is Voya International's second incident in recent months. In September, the firm agreed to pay $1 million in damages to the Securities and Exchange Commission for a failure in security protocols, including its incident response plan, that allowed criminals posing as independent advisers to call the firm's support line and request new passwords. The attackers then accessed sensitive PII of 5,600 Voya Financial customers.

Cybersecurity: A Priority That Is Here to Stay

Our hope is that, by highlighting incidents like this one, more firms, broker-dealers, and RIAs will come to understand the attention that robust cybersecurity measures and effective incident response plans require across our industry.

The OCIE (Office of Compliance Inspections and Examinations) continues to remind us of this need by repeatedly listing cybersecurity and information security in their examination priorities.

It is critical that firms have effective measures to identify issues rapidly, respond to them effectively, and have a plan to correct the problem through remediation and increased training for employees in order to cut down on recidivism.

Enforcement bodies are not likely to take repeated infractions lightly.

Should your firm require assistance in reviewing your policies and procedures covering the use of technology, the development of a proper incident response plan, information security testing, or counsel in the event of a security breach, contact Jacko Law Group, PC.

Our attorneys are here to help with any questions or concerns. Let our decades of experience work for you.

No Comments

Leave a comment
Comment Information
Email Us For A Response

How Can We Help?

Email us to request more information or to schedule an appointment.

Bold labels are required.

Contact Information

The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.


Privacy Policy

San Diego Office
1350 Columbia Street
Suite 300
San Diego, CA 92101

Toll Free: 866-497-2298
Phone: 213-631-2549
Phone: 619-298-2880
Fax: 619-298-2882
Map & Directions

San Francisco Office
Four Embarcadero Center
Suite 1400
San Francisco, CA 94111

Phone: 213-631-2549
Phone: 415-766-3599
Fax: 619-298-2882
Map & Directions

Los Angeles Office
535 N. Brand Boulevard
Suite 270
Glendale, CA 91203

Phone: 213-631-2549
Fax: 619-298-2882
Map & Directions