(Reuters) - Units of three broker-dealer and investment advisory firms agreed to pay hundreds of thousands of dollars in penalties to settle charges from the U.S. Securities and Exchange Commission (SEC) over cybersecurity failures, the regulator said on Monday.

The SEC charged KMS Financial Services, five units of financial firm Cetera, and two units of Cambridge Investment Research for failures to adopt and implement cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm.