Galen Marsh, a former private wealth adviser associated with an unnamed investment bank, pled guilty last week to illegally accessing confidential data on approximately 73,000 clients of his former employer from June 2011 through December 2014. Among other things, Mr. Marsh was alleged to have uploaded information regarding these clients, including names, addresses, telephone numbers, account numbers, account values and other investment information, to a personal server at his home. Mr. Marsh was alleged to have used the identification numbers of other bank branches, production groups and financial advisers to gain the unauthorized access. Mr. Marsh will be sentenced on December 7, 2015. He faces a maximum of five years imprisonment and three years of supervised release.
Compliance Weeds: This matter is an example of why the greatest threat of cyber-attacks is from inside employees and consultants. Firms’ cybersecurity policies and procedures should address internal threats.