LPL Financial has sent a notification about a third-party hack that was shared with DataBreaches.net by a reader. The hack involving Capital Forensics, Inc. has reportedly affected a number of that vendor’s clients (but not all clients).
From their November 9th notification to advisors, LPL writes:
*What Happened*
LPL works with a firm called Capital Forensics, Inc. (CFI) on a limited basis in support of document production and data analysis efforts. On November 1, an unauthorized person accessed a third party file-sharing system that CFI uses with its customers, including LPL. The unauthorized person appears to have gained access to data files containing personally identifiable information, including investor names, addresses, social security numbers, and account numbers.*What We Are Doing to Protect Affected Investors*
To protect impacted investors, we have implemented internal procedures that will provide heightened monitoring of their accounts to help prevent fraudulent activity. We have also worked with the vendor to provide credit monitoring and identity protection service at no charge for any impacted investor. We’ll also be mailing a letter to impacted investors regarding this incident.
DataBreaches.net emailed an inquiry to CFI earlier this morning, but has received no response by publication time. The inquiry asked how the attack occurred, how many people had their personal or financial information accessed or acquired, and whether there was any extortion or ransom demand as part of the incident.
This post will be updated if CFI responds or more information becomes available. It appears that RIABiz did get some statement from CFI last week. They report:
The hack was discovered four hours after it began, and it was sealed within six, says a Capital Forensics spokesman, in a prepared statement, via email. “All affected clients have been notified, and we’re working closely with them to remediate this matter … we’re conducting a thorough investigation and taking steps to further protect all our clients.”
LPL is not working closely with us. We got letters and really nothing else, not even a phone number at LPL to call. They want to turn people over to the company they are offering protection from. I expect a representative from LPL to be accountable and part of all this . I left a voice message for Gerald F. Spada at LPL. So far no response. If LPL continues to want to take the easy way out I hope you can help or some governmental agency will help to get them to stand up and take an active role in protecting their customers. We have not been a customer for over three years and were shocked to learn they did not wipe us clean from their data base. Another question that LPL needs to answer!
I agree with the lack of attention LPL is providing. All Clear Fraud protection does not receive glowing stars as a protection gift from LPL. Premium Life Lock protection should be the first choice. Next we have all the management fees we pay. What did we pay for? They allowed a third party, Capital Forensics into our files. What portion of the management fees allowed Capital in? Did I give permission for them to see my so called secure files? Not Happy! Somebody got my and my wife’s Social Security .My advisor may loose our account do to the breach.