The CFTC recently announced a settlement with futures firm AMP Global Clearing LLC (AMP), which had tens of thousands of client records compromised after its IT vendor unknowingly installed a backup drive on AMP’s network that included an unsecured port. The settlement order requires AMP to cease and desist from future violations, pay a civil penalty of $100,000 and report to the CFTC for the next year on its efforts to improve its digital security. “As this case shows, the CFTC will work hard to ensure regulated entities live up to that responsibility, which has taken on increasing importance as cyber threats extend across our financial system,” said CFTC Director of Enforcement James McDonald. In particular, it is a reminder of the importance of monitoring third-party service providers. In this article, we analyze the case and relevant remedial steps AMP agreed to take. For more from the CFTC, see “Virtual Currencies Present Significant Risk and Opportunity, Demanding Focus From Regulators, According to CFTC Chair” (Feb. 14, 2018).