On April 12, 2010, the Financial Industry Regulatory Authority (“FINRA”) announced that it had fined D.A. Davidson & Co. $375,000 for failing to protect its customers’ confidential information. In late 2007, the firm’s system was compromised when hackers employed a SQL injection attack to download the confidential customer information of approximately 192,000 individuals. The security breach came to light when one of the persons responsible for the intrusion attempted to blackmail D.A. Davidson via email on January 16, 2008. The firm responded quickly by notifying law enforcement authorities and providing affected individuals with two years of credit monitoring. While D.A. Davidson neither admitted nor denied the charges in settling the case, the firm consented to the entry of FINRA’s findings. To date, there has been no evidence of identity theft resulting from this incident.