OCIE Issues Cyber Risk Alert; Fund Administrator is Attacked

The Wall Street Journal reported that fund administrator M.J. Brunner was the subject of a ransomware attack that infiltrated its corporate systems. Hackers took files that contained usernames and emails, physical addresses, and phone numbers, according to the WSJ report. The company, which counts major fund firms as clients, told the WSJ it immediately notified the FBI and will continue to work with them through their investigation. Meanwhile, the SEC’s Office of Compliance Inspections and Examinations issued a risk alert on cyber security, warning that recent reports indicate threats of phishing and other campaigns designed to penetrate financial institution networks to access internal resources and deploy ransomware. Ransomware is a type of malware designed to provide an unauthorized actor access to institutions’ systems and to deny the institutions use of those systems until a ransom is paid. OCIE said it has also observed an increase in sophistication of ransomware attacks on broker-dealers, investment advisers, and investment companies. OCIE encouraged firms to monitor the cybersecurity alerts published by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and to share alert information with their third-party service providers, particularly with those that maintain client assets and records for registrants.