AMY ANN BRANDTS Investment Fraud Investigation: Cybersecurity Breaches Lead to Significant Client Losses

Call 800-950-6553 or complete our online form to schedule your no-obligation case evaluation.

Recent Cybersecurity Incidents Raise Serious Concerns for Investors

Clients of financial advisor Amy Ann Brandts (CRD# 1228497) may have grounds for recovery following recent cybersecurity breaches that resulted in substantial financial losses. According to her FINRA BrokerCheck report, Brandts, who operates through Cambridge Investment Research, Inc. in Herndon, Virginia, has been involved in multiple customer disputes related to email security compromises that led to significant monetary damages.

These concerning incidents raise important questions about the adequacy of cybersecurity measures employed by Brandts and her firm, as well as their responsibility in protecting sensitive client information from unauthorized access. Investors affected by these breaches may have legal recourse through FINRA arbitration to recover their losses.

Who is Amy Ann Brandts?

Amy Ann Brandts is a veteran financial professional with over 40 years in the securities industry. She has been registered with Cambridge Investment Research, Inc. (CRD# 39543) since February 2003 and with Cambridge Investment Research Advisors, Inc. (CRD# 134139) since March 2005. Based in Herndon, Virginia, Brandts operates from multiple branch locations, including offices in Bethesda, Maryland and Ashburn, Virginia.

Brandts holds extensive securities licenses and qualifications, including:

• General Securities Principal (Series 24)
• General Securities Representative (Series 7)
• Investment Company Products/Variable Contracts Representative (Series 6)
• Direct Participation Programs Representative (Series 22)
• Operations Professional (Series 99TO)
• Uniform Investment Adviser Law (Series 65)
• Uniform Securities Agent State Law (Series 63)

Additionally, she holds the professional designation of Chartered Financial Consultant, which she has used to qualify as an Investment Advisor representative. Brandts is currently registered in 29 U.S. states and territories.

Beyond her securities business, Brandts maintains several other business activities, including serving as the managing member of Symphony Financial (an independent insurance agency), owning Symphony Financial Partners LLC (established for liability purposes), managing personal real estate investments, and serving as treasurer for a homeowners association.

Recent Cybersecurity Breach Complaints

Brandts’ FINRA BrokerCheck report reveals troubling incidents related to cybersecurity failures that have resulted in substantial client losses:

$96,672 Settlement in July 2024

In July 2024, a client filed a complaint alleging “loss was suffered due to actions of an outside, unknown third party, as a result of cyber security breach with the RR’s email account.” This complaint was settled in January 2025 for the full claimed amount of $96,672. Notably, while the firm provided the settlement, Brandts herself did not contribute to the payment.

$450,000 Pending Complaint from January 2025

More alarming is a pending complaint filed in January 2025, with similar allegations of losses “suffered due to actions of an outside, unknown third party, as a result of cyber security breach with the RR’s email account.” This second complaint involves alleged damages of $450,000 – a substantial sum that raises serious questions about the extent and impact of the security breaches.

Both complaints specifically reference email account compromises, suggesting potential vulnerabilities in how Brandts maintained and secured her electronic communications with clients. Such breaches can lead to unauthorized access to sensitive financial information, fraudulent transaction requests, and significant monetary losses.

Understanding Email Security Breaches in Financial Services

Email account compromises represent one of the most serious cybersecurity threats facing financial services professionals and their clients. When unauthorized individuals gain access to a financial advisor’s email account, they can:

• Monitor communications to gather sensitive personal and financial information
• Send fraudulent wire transfer or investment instructions appearing to come from the advisor
• Access attached financial documents containing account numbers, statements, and other confidential information
• Impersonate the advisor to request additional personal information from clients
• Alter legitimate investment instructions or redirect funds to unauthorized accounts

The financial industry has seen a dramatic increase in these types of attacks in recent years, with cybercriminals specifically targeting financial advisors due to their access to substantial client assets and financial information. According to industry data, the average cost of a data breach in the financial services sector exceeds $5.85 million, significantly higher than the average across all industries.

Broker and Firm Responsibility for Cybersecurity

Financial advisors and their firms have a regulatory obligation to implement reasonable cybersecurity measures to protect client information. FINRA has emphasized cybersecurity as a critical examination priority in recent years, and the SEC has brought enforcement actions against firms with inadequate security practices.

Key cybersecurity responsibilities for brokers and investment advisors include:

• Implementing multi-factor authentication for email and financial accounts
• Maintaining updated security software and systems
• Encrypting sensitive client communications and data
• Establishing clear protocols for verifying fund transfer requests
• Training staff on cybersecurity best practices and threat recognition
• Developing and testing incident response plans
• Regularly assessing cybersecurity risks and vulnerabilities

In her broker statement responding to these complaints, Brandts asserted that “prior to the cyber security incident, she had all recommended security protocols in place, including but not limited to a cyber security policy and practices program, multi-factor authentication and a recent cyber security audit.” She further claimed that “upon discovery of the suspicious email activity, she took immediate action to contact all clients that might have been affected” and “engaged third-party forensic specialists to investigate and mitigate the incident.”

However, the significant settlement amount and the pending complaint for even larger damages raise questions about whether these security measures were adequately implemented or maintained. The fact that Cambridge Investment Research paid a substantial settlement suggests the firm may have recognized potential liability in how the situation was handled.

Red Flags for Cambridge Investment Research Clients

Clients of Amy Ann Brandts and Cambridge Investment Research should be alert to several potential warning signs related to cybersecurity practices:

• Unusual or unexpected emails requesting financial transactions or personal information
• Changes in communication patterns or writing style from your advisor
• Pressure to act quickly on investment decisions or fund transfers
• Communications containing grammatical errors or awkward phrasing
• Requests to change established verification procedures for fund transfers
• Unexplained delays in receiving expected communications or confirmations
• Transactions appearing on statements that you did not authorize

If you notice any of these warning signs, it’s critical to contact your advisor directly by phone using a previously verified number—not by replying to a suspicious email—and to report any concerns immediately to the compliance department of the brokerage firm.

Legal Options for Recovery: FINRA Arbitration

Investors who have suffered losses due to security breaches at Cambridge Investment Research may have legal recourse through the FINRA arbitration process. This specialized forum resolves disputes between investors and securities firms or brokers outside of traditional courts.

FINRA arbitration offers several advantages for investors seeking recovery:

• Typically faster resolution than court litigation (usually 12-18 months)
• Lower costs than traditional lawsuits
• Decisions made by arbitrators familiar with securities industry practices
• Binding decisions that are difficult for firms to appeal
• Greater privacy than public court proceedings

Claims against Brandts and Cambridge Investment Research could potentially be based on various legal theories, including:

• Negligence in implementing adequate cybersecurity measures
• Failure to follow industry best practices for data security
• Breach of fiduciary duty to protect client information and assets
• Violation of SEC Regulation S-P (Privacy of Consumer Financial Information)
• Failure to supervise email communications and security procedures

The substantial settlement already paid in one case indicates the firm recognized potential liability for these security incidents. This precedent may be favorable for other affected clients seeking recovery.

Cambridge Investment Research’s Supervisory Responsibilities

Brokerage firms like Cambridge Investment Research have a legal obligation to reasonably supervise their registered representatives and implement adequate cybersecurity protocols. The firm’s willingness to settle one claim for nearly $100,000 without contribution from Brandts suggests possible recognition of supervisory deficiencies.

Cambridge Investment Research’s responsibilities include:

• Establishing comprehensive cybersecurity policies and procedures
• Providing adequate training on data security for all representatives
• Implementing technical safeguards for email and client data systems
• Conducting regular security audits and vulnerability assessments
• Monitoring for unusual account activity or potential security breaches
• Taking prompt action when potential compromises are identified
• Maintaining adequate insurance coverage for cybersecurity incidents

The firm’s handling of these incidents and their settlement approach may indicate how they might respond to similar claims from other affected clients.

Protecting Your Financial Accounts from Cybersecurity Threats

While investors rely on their financial advisors to maintain proper security measures, clients can also take proactive steps to protect their accounts:

• Enable multi-factor authentication on all financial accounts
• Verify all fund transfer requests by phone before approving
• Establish a verbal password with your advisor for transaction verification
• Monitor accounts regularly for unauthorized activity
• Use strong, unique passwords for financial websites
• Be skeptical of urgent requests or sudden changes in procedures
• Keep contact information updated with your financial institutions
• Consider placing security freezes on your credit reports

Most importantly, maintain direct communication with your financial advisor about their cybersecurity protocols and what verification steps they will use before executing any transactions on your behalf.

Industry-Wide Cybersecurity Concerns

The incidents involving Brandts reflect a growing industry-wide concern about cybersecurity in financial services. As financial transactions increasingly move online, the risks of email compromises, account takeovers, and fraudulent instructions have multiplied.

According to recent industry reports:

• Financial services firms experience 300% more cyberattacks than other industries
• Email account compromises increased 81% across financial services in the past three years
• The average cost per breached record in financial services is $259, significantly higher than the cross-industry average
• Financial advisors with smaller practices often lack robust IT security resources
• Social engineering attacks targeting specific financial advisors have become increasingly sophisticated

These statistics highlight the critical importance of cybersecurity practices in protecting client assets and the potential liability firms face when breaches occur.

Amy Brandts’ Professional Background and Registration History

Brandts has a lengthy securities industry career dating back to 1984. Her registration history includes:

• Cambridge Investment Research, Inc. (2003-Present)
• Trusted Securities Advisors Corp. (2001-2003)
• Cambridge Investment Research, Inc. (1998-2001)
• Capitol Securities Management, Inc. (1995-1998)
• R. Phelps & Co., Inc. (1992-1995)
• Sun Investment Services Company (1984-1992)
• New York Life Securities Corp. (1984)

This extensive experience means Brandts would be expected to understand industry standards for client data protection and the evolving cybersecurity threats facing financial advisors. Her longevity in the industry also suggests she has likely worked with many clients over the years who may potentially be affected by these security incidents.

Symphony Financial: Brandts’ Independent Business

In addition to her securities registrations, Brandts operates Symphony Financial, established in 1983, where she serves as the managing member and independent insurance agent. She also created Symphony Financial Partners LLC in January 2017 “as owner of LLC for liability purposes,” according to her BrokerCheck report.

These business relationships create additional complexity in determining responsibility for cybersecurity practices, as breaches could potentially affect both advisory clients and insurance clients. The interconnected nature of these businesses raises questions about data sharing practices and security protocols across these entities.

Cambridge Investment Research: Firm Profile

Cambridge Investment Research, Inc. (CRD# 39543) is headquartered in Fairfield, Iowa, with Brandts operating from branch offices in Virginia and Maryland. The firm was founded in 1995 and has grown to become one of the larger independent broker-dealers in the United States.

Cambridge Investment Research Advisors, Inc. (CRD# 134139) is the affiliated registered investment advisory firm where Brandts is also registered. This dual registration as both a broker and investment advisor creates what’s known as a “hybrid” practice, allowing Brandts to provide both commission-based and fee-based services to clients.

As a firm, Cambridge Investment Research has responsibility for establishing and enforcing cybersecurity policies that affect all of their registered representatives, including Brandts. Their willingness to settle claims related to email security breaches raises questions about their overall approach to cybersecurity compliance and supervision.

Statute of Limitations Concerns for Affected Investors

Investors who may have been affected by these cybersecurity breaches should be aware of time limitations for filing claims. FINRA arbitration claims generally must be filed within six years of the event giving rise to the dispute, but shorter time frames may apply depending on the specific circumstances and applicable state laws.

Given that the reported incidents occurred in 2024 and 2025, affected clients would likely still have time to pursue claims. However, prompt action is advisable both to preserve legal rights and to protect accounts from potential ongoing security risks.

Taking Action: Your Financial Security After a Cyber Breach

The security incidents involving Amy Brandts’ email accounts represent a disturbing trend in financial services. For investors who entrusted their financial well-being to Cambridge Investment Research, these breaches demand immediate attention.

Immediate Security Protocol

Time is critical when dealing with potential cybersecurity compromises:

1. Implement a communication blackout with your advisor through email until security is verified
2. Establish direct phone verification for all account activities going forward
3. Initiate account audits across all investment platforms connected to your advisor
4. Document chronologically all unusual communications or transactions, no matter how minor

Regulatory Reporting Pathway

Beyond personal security measures, consider formal reporting channels:

• Submit detailed reports to both FINRA and the SEC investment complaint centers
• File an incident report with the FBI’s Internet Crime Complaint Center (IC3)
• Contact your state’s securities regulator for local jurisdiction guidance
• Request written confirmation of Cambridge Investment Research’s internal investigation status

Expert Consultation Framework

The complexity of cybersecurity-related investment fraud requires specialized guidance:

• Seek a securities attorney with specific cybersecurity breach experience in FINRA arbitration
• Consider digital forensics consultation to document the scope of potential exposure
• Evaluate multi-jurisdictional legal approaches if investments cross state lines
• Assess potential class action qualification if multiple investors were similarly affected

The consequences of email security breaches extend far beyond immediate financial losses. Identity theft concerns, future account vulnerability, and prolonged resolution timelines create cascading effects that can impact financial stability for years. Decisive action through qualified legal channels remains the most effective path toward potential recovery.

Call 800-950-6553 or complete our online form to schedule your no-obligation case evaluation.

Chetan Patil

Chetan Patil is the founder and Managing Partner of the Patil Law. He brings over 15 years of extensive experience in diverse complex disputes and transactions, across the country. Mr. Patil specializes in litigations, trials, arbitrations, and appeals of complex securities, FINRA, financial and business disputes, with an emphasis in securities, financial services, and financial regulatory law.