DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Five recent Merrill Lynch security breaches you probably didn’t know about

Posted on January 3, 2009 by Dissent

As if the financial sector wasn’t in enough of tailspin recently, Merrill Lynch reported at least five security breaches during the last quarter of 2008.  Reports filed by the firm with several states attorney general reveal that:

  • On September 3, the company reported a lost laptop containing personally identifiable information to New York State. That report is not currently available online.
  • On September 15, the company reported a stolen laptop to New York State. That report is also not currently available online.
  • On September 18, the company reported a stolen laptop to Maryland that contained names, addresses, dates of birth, and social security numbers. The report is not available online, and Merrill Lynch has not responded to two inquiries as to whether this was the same laptop reported to NYS or a separate incident.
  • On October 9, the company notified Maryland that an external hard drive was lost or stolen during transport to a facility. Information on the drive included clients’ names, social security numbers or tax ID numbers, dates of birth, addresses, phone numbers, email addresses, passport numbers, drivers license numbers, Merrill Lynch account numbers, loan information, insurance policy information, other financial account information, and online user credentials.
  • On December 16, the company notified New Hampshire of a stolen laptop containing personal information. The laptop, which was stolen from the firm’s Tacoma office on November 26, contained client information including name, Social Security number, address, telephone number and email address.
  • On December 29, the company notified New Hampshire that another laptop was stolen, this one from the home of a third-party contractor’s employee. The theft occurred early in December, and the laptop contained names and social security numbers of “a population of current and former Merrill Lynch Financial Advisors and some applicants for employment.” The laptop did not contain any additional personal or financial information, nor any client data.

The number of employees or clients affected by these breaches was not revealed, and Merrill Lynch has not responded to several requests for additional information.

Past Known Breaches

In 2007, Merrill Lynch reported two data losses to New Hampshire: a laptop stolen from a New York office that contained client information, and a storage device theft affecting 33,000 employees that was reported in the media. Two incidents reported to New York in 2006 were not reported in the media. One involved a laptop stolen from a third-party tax preparer that contained information on 300 individuals. The other involved a laptop stolen from an employee’s vehicle that contained client account data on 10,500 New York residents and 2,800 North Carolina residents; the total number of clients affected was not reported.  Other breaches may have been reported to New York for 2007, but complete 2007 data from NYS have not yet been obtained.

Related posts:

  • Merrill Lynch sues three alleged phishers
Category: Breach IncidentsFinancial SectorLost or MissingTheftU.S.

Post navigation

← Seibels Bruce Group hacked?
Pepsi employee data on missing storage device →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.