Cyber charges resolved between SEC and Equiniti Trust, leaving management oversight concerns still unresolved
Equiniti Trust Settles Cybersecurity Case with SEC for $850,000
Equiniti Trust, a leading share registrar and trust company, has agreed to a settlement with the U.S. Securities and Exchange Commission (SEC) over cybersecurity lapses that resulted in a data breach. The settlement, amounting to $850,000, addresses failures in cybersecurity controls and safeguarding sensitive data.
The timeline of events dates back to 2022 and 2023, when Equiniti, previously known as American Stock Transfer & Trust, experienced two separate cyber intrusions. In September 2022, an unknown hacker hijacked an email chain between Equiniti and a U.S.-based public issuer client, posing as an employee and instructing American Stock Transfer to issue millions of new shares and transfer them to a bank in Hong Kong. As a result, $4.78 million was sent to the Hong Kong bank, but about $1 million was later recovered. In April 2023, another hacker used stolen Social Security numbers to create fake accounts linked to real American Stock Transfer account holders, stealing about $1.9 million.
The SEC found Equiniti in violation of the Securities Exchange Act of 1934, blaming the company for not confirming that its email guidance was read by employees, for not providing training to employees, and for not ensuring that call-backs were performed. The hacking incidents resulted in the loss of $6.6 million in client funds, but Equiniti was able to recover about $2.6 million.
The agreement with Equiniti is one of the first major cyber cases settled at the SEC since the July court ruling dismissing most of the civil fraud charges against SolarWinds in connection with the 2020 Sunburst malware attacks.
The settlement underscores increasing regulatory enforcement around cybersecurity compliance failures, particularly for firms handling sensitive financial data. The cyber intrusion highlighted significant weaknesses in Equiniti’s internal controls and data protection measures, potentially putting client and shareholder data at risk.
Following the settlement, Equiniti has stated that it has made and will continue to make significant investments to protect client funds from fraud. The company has reportedly strengthened its cybersecurity infrastructure and controls, enhanced its compliance programs to meet SEC and other regulatory guidelines, and improved its monitoring and risk assessment frameworks for data protection.
Proxy materials for 2025 shareholder meetings mention the Equiniti Trust Company, indicating ongoing corporate governance activities despite the incident. Related corporate filings and investor communications suggest ongoing governance assessment and communication transparency efforts.
In summary, the Equiniti Trust cyber intrusion settlement in 2025 involved an $850,000 penalty addressing cybersecurity control failures, with the company and regulators focusing on mitigating data risks and reinforcing compliance frameworks afterwards. The SolarWinds case is still proceeding in federal court on a more limited set of charges.