DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Windhaven Investment Management notifies customers months after vendor-maintained server was hacked (update 3)

Posted on September 19, 2013 by Dissent

Windhaven Investment Management is notifying clients that a server maintained by an unnamed vendor suffered an unauthorized intrusion several months ago. As a result, customers’ names, account numbers, custodians, and investment positions for their Windhaven account(s) may have been accessed.  Neither Social Security numbers nor dates of birth were exposed.

Windhaven learned of the intrusion last month, but noted that potential access to customer accounts may have occurred months earlier.

The firm offered affected customers a complimentary subscription to an Equifax credit monitoring service and outlined a number of free services offered by its affiliate, Charles Schwab & Co., to harden the security of the customers’ accounts.

Update 1: The day after this breach notice appeared on California’s site, it was silently deleted by them and attempts to access the report resulted in “Access Denied.” I am still attempting to get a response from California as to why they removed it from their list and blocked access to it.  In the meantime, a copy of the notification has just been posted to Maryland’s web site, so you can read it there.  Just to make sure that it doesn’t disappear from there, too, I’ve downloaded a copy that I am uploading here (pdf).

Update 2: The notice has reappeared on California’s site, but with a different url. Since I didn’t download the first one, I’m not 100% sure whether what’s there now is identical to what was originally uploaded, but this version is redacted for contact info, whereas the original notice wasn’t.  The Maryland notice is only their letter to the state; not the attachment with the sample to affected clients.

Update 3: 419 New Hampshire residents were also notified of the breach.

No related posts.

Category: Financial SectorHackSubcontractor

Post navigation

← HHS: Statement of Delay in Enforcement of HIPAA Requirement for Certain CLIA and CLIA-Exempt Laboratories to Revise their Notices of Privacy Practices (NPP)
MNsure data security breach prompts new bill →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.