LPL Financial has sent a notification about a third-party hack that was shared with DataBreaches.net by a reader. The hack involving Capital Forensics, Inc. has reportedly affected a number of that vendor’s clients (but not all clients).
From their November 9th notification to advisors, LPL writes:
LPL works with a firm called Capital Forensics, Inc. (CFI) on a limited basis in support of document production and data analysis efforts. On November 1, an unauthorized person accessed a third party file-sharing system that CFI uses with its customers, including LPL. The unauthorized person appears to have gained access to data files containing personally identifiable information, including investor names, addresses, social security numbers, and account numbers.
*What We Are Doing to Protect Affected Investors*
To protect impacted investors, we have implemented internal procedures that will provide heightened monitoring of their accounts to help prevent fraudulent activity. We have also worked with the vendor to provide credit monitoring and identity protection service at no charge for any impacted investor. We’ll also be mailing a letter to impacted investors regarding this incident.
DataBreaches.net emailed an inquiry to CFI earlier this morning, but has received no response by publication time. The inquiry asked how the attack occurred, how many people had their personal or financial information accessed or acquired, and whether there was any extortion or ransom demand as part of the incident.
This post will be updated if CFI responds or more information becomes available. It appears that RIABiz did get some statement from CFI last week. They report:
The hack was discovered four hours after it began, and it was sealed within six, says a Capital Forensics spokesman, in a prepared statement, via email. “All affected clients have been notified, and we’re working closely with them to remediate this matter … we’re conducting a thorough investigation and taking steps to further protect all our clients.”