Top Financial Regulator Confirms Data Theft

The NASD, formerly known as The National Association of Securities Dealers, has confirmed a burglary in its local offices resulting in the theft of 10 laptop computers. Though the burglary occurred on February 25, 2006, the regulator made no public mention of the breach until confronted with a Police Report on June 30th, over four months later.

The theft was uncovered by financial services executive and author Rogan LaBier while investigating a rumor that such a breach had occurred. "It's potentially devastating," said LaBier, in an article sent to subscribers of a private newsletter. He also posted the Police Report and other documentary evidence to his website.

In a June 30th conversation with LaBier, NASD spokesperson Herb Perone confirmed that the break-in did occur, but said that "there was no personally identifiable customer account information contained in the stolen laptops." Perone also noted that because of this, "no notices were sent to individuals."

But LaBier found at least one individual who did receive a written notice from the NASD, reporting that his Social Security number, among other confidential records, was contained in one of the laptops stolen in the Boca Raton heist. The letter also states that the laptops were "password protected", and that gaining access "would require an unauthorized user to reformat the hard drive, or use special software to bypass the computer's operating system."

On July 3rd, LaBier spoke with Perone again. He questioned whether individual account records were in fact contained in those laptops, and if so, how many. He also asked if the NASD was relying on the password protection in claiming that "no personally identifiable customer account information was contained on those computers." The spokesman said he would get back to LaBier with an answer, but at this time, the NASD has still not commented.

According to privacy experts, the relative strength of password protection is questionable. Doug Rehman, a retired Special Agent in the Florida Department of Law Enforcement and President of Rehman Technology Services in Mount Dora, Florida, told LaBier, "A password protection system is only as secure as the password is complex. Windows XP, for example, offers pretty much zero protection. Other systems can be nearly impossible to crack. If the passwords are less than eight characters long, professional software can crack those in a couple of days. Many users choose common or simple passwords, or keep the current passwords readily accessible, on Post-it notes, for example."

Just how many individuals may have had personal, confidential information on the stolen computers remains to be seen.

"What is so troubling," says LaBier, "is not so much the fact that the computers were stolen. It is that the NASD made the conscious decision to not reveal this theft to the public, and further, to create a response that might mislead the public to believe that no confidential financial information had actually been stolen. And apparently, nothing has been done about the incident other than working with local law enforcement, which considers the case inactive."

The NASD's Website describes the regulatory organization as "the primary private-sector regulator of America's securities industry... The NASD licenses individuals and admits firms to the industry, writes rules to govern their behavior, examines them for regulatory compliance and disciplines those who fail to comply."

The Boca Raton Police Department detective in charge of the investigation into the burglary believes that it was conducted for the laptops themselves, and not for data contained in them. According to the Police Report, the perpetrators defeated the alarm system and several video surveillance cameras, targeting the laptops and their power cords. The case is currently considered inactive. Whether or not the computers have made it into the hands of individuals capable of defeating the password protection remains to be seen.

About Rogan LaBier

Rogan LaBier is a veteran financial services executive, and the author of several books including the "Nasdaq Traders' Toolkit". He is a frequent contributor to various finance-related magazines. He has been quoted often in the financial press and has appeared as a commentator on CNNfn, etc.

http://www.bdexchange.com

###

Contact Author

Media Relations
Broker Dealer Exchange
646-201-4014