GRC Report Staff

Picture this: a casual round of Candy Crush, a swipe through a dating app, or even the quiet tracking of a pregnancy journey. For millions of users, these seemingly harmless digital interactions may have just become part of a cyber nightmare. Last week, Gravy Analytics, a major location data broker, revealed a data breach that could have leaked precise location data from popular mobile apps, exposing users' private movements—and potentially sensitive locations like military bases and government buildings.

In a significant settlement, Fidelity Brokerage Services LLC (Fidelity) has agreed to pay a $600,000 fine and accept a censure in response to regulatory violations uncovered by the Financial Industry Regulatory Authority (FINRA). This settlement comes after an eight-year lapse in the company’s ability to effectively supervise transactions and the safeguarding of sensitive financial data for international clients.

The French Financial Markets Authority (Autorité des Marchés Financiers, AMF) Enforcement Committee has levied fines totaling €10 million against EcoR1 Capital, a San Francisco-based investment fund, and its director, Oleg Nodelman, for price manipulation during the initial public offering (IPO) of French biotech firm Innate Pharma on the Nasdaq.

The Securities and Exchange Commission (SEC) recently announced that BMO Capital Markets Corp. would pay over $40 million to settle charges related to supervisory lapses. The case centers on misleading sales of mortgage-backed securities, leaving a trail of misinformed investors and a $3 billion problem.

Liquidnet Inc., a key player in alternative trading systems (ATS), finds itself in hot water with the Securities and Exchange Commission (SEC). The company has agreed to a $5 million penalty after being charged with lapses in its safeguards and controls—lapses that, according to the SEC, jeopardized both market integrity and subscriber trust.

For financial institutions, 2025 has started with a sobering reminder that the cost of missteps just got steeper. The Office of the Comptroller of the Currency (OCC) has raised the maximum civil money penalties (CMPs) it can impose, adjusting for inflation as mandated by federal law. These updated limits, effective immediately, apply to violations dating back to November 2, 2015.

In a twist fit for a WWE storyline, Vince McMahon, the once-dominant figure at the helm of World Wrestling Entertainment (WWE), has landed himself in hot water—this time, outside the ring. The Securities and Exchange Commission (SEC) has charged the former WWE CEO with failing to disclose two significant settlement agreements to the company, leading to financial misstatements that echo through WWE’s books like a mistimed body slam.