Phishing messages containing malware landed on devices belonging to a "small number" of advisors affiliated with LPL Financial, leading to unauthorized transactions and transfers in some client accounts, the firm reported to a state regulator.
The brokerage and advisory firm took steps to stop the unauthorized activity and restore any accounts to their original financial positions, and offered the 1,581 affected clients free credit monitoring and identity theft protection services for two years, according to a sample consumer letter posted on the Maine attorney general's website Wednesday.
The web posting indicates the breach occurred on Nov. 10, was discovered around Nov. 20, and that LPL expects to notify consumers on April 27.
"Between November 20, 2025, and November 25, 2025, we learned of unauthorized securities transactions and financial transfers involving accounts maintained by clients of a small number of our affiliated financial advisors. We promptly contacted law enforcement and launched an investigation, with assistance from outside experts, to determine what occurred and to address the activity," LPL said in the letter.
"Our investigation found that malware distributed through phishing messages affected a limited number of individual advisor devices and resulted in unauthorized third-party access to the accounts of those advisors on LPL's web-based advisor portal.
"Our investigation did not identify evidence that your sensitive personal information was accessed or acquired by a third party in connection with these events. However, we are notifying you out of an abundance of caution because we cannot rule out the possibility that a third party may have viewed certain of your personal information in the course of executing the scheme," the firm wrote.
LPL said it secured all affected accounts and implemented new technical safeguards to strengthen security controls, and engaged outside information security and technology experts to help in reviewing and investigating the incident.
"After a thorough investigation, we have found no evidence of ongoing compromise to our information systems and no evidence of additional unauthorized activity," the firm said.
"We identified unusual activity involving accounts associated with a very small number of affiliated advisors. The activity was promptly contained and there are no ongoing issues," an LPL spokesperson told ThinkAdvisor by email Thursday.
In December, LPL reported a breach that occurred Sept. 30 also involved unauthorized transactions and may have exposed 53 people's personal information. In that case, the firm said, "we believe foreign threat actors gained access to the online accounts of certain affiliated financial advisors and used them in connection with a 'hack pump-and-dump' trading scheme intended to artificially inflate the prices of securities."
Courtesy photo
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.