DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Five recent Merrill Lynch security breaches you probably didn’t know about

Posted on January 3, 2009 by Dissent

As if the financial sector wasn’t in enough of tailspin recently, Merrill Lynch reported at least five security breaches during the last quarter of 2008.  Reports filed by the firm with several states attorney general reveal that:

  • On September 3, the company reported a lost laptop containing personally identifiable information to New York State. That report is not currently available online.
  • On September 15, the company reported a stolen laptop to New York State. That report is also not currently available online.
  • On September 18, the company reported a stolen laptop to Maryland that contained names, addresses, dates of birth, and social security numbers. The report is not available online, and Merrill Lynch has not responded to two inquiries as to whether this was the same laptop reported to NYS or a separate incident.
  • On October 9, the company notified Maryland that an external hard drive was lost or stolen during transport to a facility. Information on the drive included clients’ names, social security numbers or tax ID numbers, dates of birth, addresses, phone numbers, email addresses, passport numbers, drivers license numbers, Merrill Lynch account numbers, loan information, insurance policy information, other financial account information, and online user credentials.
  • On December 16, the company notified New Hampshire of a stolen laptop containing personal information. The laptop, which was stolen from the firm’s Tacoma office on November 26, contained client information including name, Social Security number, address, telephone number and email address.
  • On December 29, the company notified New Hampshire that another laptop was stolen, this one from the home of a third-party contractor’s employee. The theft occurred early in December, and the laptop contained names and social security numbers of “a population of current and former Merrill Lynch Financial Advisors and some applicants for employment.” The laptop did not contain any additional personal or financial information, nor any client data.

The number of employees or clients affected by these breaches was not revealed, and Merrill Lynch has not responded to several requests for additional information.

Past Known Breaches

In 2007, Merrill Lynch reported two data losses to New Hampshire: a laptop stolen from a New York office that contained client information, and a storage device theft affecting 33,000 employees that was reported in the media. Two incidents reported to New York in 2006 were not reported in the media. One involved a laptop stolen from a third-party tax preparer that contained information on 300 individuals. The other involved a laptop stolen from an employee’s vehicle that contained client account data on 10,500 New York residents and 2,800 North Carolina residents; the total number of clients affected was not reported.  Other breaches may have been reported to New York for 2007, but complete 2007 data from NYS have not yet been obtained.


Related:

  • Clorox Files $380M Suit Alleging Cognizant Gave Hackers Passwords in Catastrophic 2023 Cyberattack
  • Two more entities have folded after ransomware attacks
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Bitcoin holds steady as hackers drain over $40 million from CoinCDX, India's top exchange
Category: Breach IncidentsFinancial SectorLost or MissingTheftU.S.

Post navigation

← Seibels Bruce Group hacked?
Pepsi employee data on missing storage device →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Clorox Files $380M Suit Alleging Cognizant Gave Hackers Passwords in Catastrophic 2023 Cyberattack
  • Cyberattacks Paralyze Major Russian Restaurant Chains
  • France Travail: At least 340,000 job seekers victims of new hack
  • Legal Silence and Chilling Effects: Injunctions Against the Press in Cybersecurity
  • #StopRansomware: Interlock
  • Suspected XSS Forum Admin Arrested in Ukraine
  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.