DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Five recent Merrill Lynch security breaches you probably didn’t know about

Posted on January 3, 2009 by Dissent

As if the financial sector wasn’t in enough of tailspin recently, Merrill Lynch reported at least five security breaches during the last quarter of 2008.  Reports filed by the firm with several states attorney general reveal that:

  • On September 3, the company reported a lost laptop containing personally identifiable information to New York State. That report is not currently available online.
  • On September 15, the company reported a stolen laptop to New York State. That report is also not currently available online.
  • On September 18, the company reported a stolen laptop to Maryland that contained names, addresses, dates of birth, and social security numbers. The report is not available online, and Merrill Lynch has not responded to two inquiries as to whether this was the same laptop reported to NYS or a separate incident.
  • On October 9, the company notified Maryland that an external hard drive was lost or stolen during transport to a facility. Information on the drive included clients’ names, social security numbers or tax ID numbers, dates of birth, addresses, phone numbers, email addresses, passport numbers, drivers license numbers, Merrill Lynch account numbers, loan information, insurance policy information, other financial account information, and online user credentials.
  • On December 16, the company notified New Hampshire of a stolen laptop containing personal information. The laptop, which was stolen from the firm’s Tacoma office on November 26, contained client information including name, Social Security number, address, telephone number and email address.
  • On December 29, the company notified New Hampshire that another laptop was stolen, this one from the home of a third-party contractor’s employee. The theft occurred early in December, and the laptop contained names and social security numbers of “a population of current and former Merrill Lynch Financial Advisors and some applicants for employment.” The laptop did not contain any additional personal or financial information, nor any client data.

The number of employees or clients affected by these breaches was not revealed, and Merrill Lynch has not responded to several requests for additional information.

Past Known Breaches

In 2007, Merrill Lynch reported two data losses to New Hampshire: a laptop stolen from a New York office that contained client information, and a storage device theft affecting 33,000 employees that was reported in the media. Two incidents reported to New York in 2006 were not reported in the media. One involved a laptop stolen from a third-party tax preparer that contained information on 300 individuals. The other involved a laptop stolen from an employee’s vehicle that contained client account data on 10,500 New York residents and 2,800 North Carolina residents; the total number of clients affected was not reported.  Other breaches may have been reported to New York for 2007, but complete 2007 data from NYS have not yet been obtained.

Category: Breach IncidentsFinancial SectorLost or MissingTheftU.S.

Post navigation

← Seibels Bruce Group hacked?
Pepsi employee data on missing storage device →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.