On August 30, 2021, the U.S. Securities and Exchange Commission (SEC) sanctioned a group of eight broker-dealers and registered investment advisors in three different actions for failing to maintain adequate cybersecurity procedures and disclosure controls, in violation of Rule 30(a) of Regulation S-P (17 C.F.R. § 248.30(a)) (the Safeguards Rule). According to the SEC’s Orders, these failures allowed unauthorized third parties to compromise the email accounts of the firms’ representatives and thus resulted in the exposure of their clients’ personally identifiable information (PII).