A criminal hack hit Mariner Wealth Advisors late last year, potentially exposing the personal data of nearly 9,000 people, the firm recently told authorities.
The Kansas-based wealth firm sent letters to consumers last week saying that a "criminal third party" accessed accounts and downloaded certain files in November, possibly gaining access to individuals' birth dates, driver's license information and Social Security numbers.
The incident involved three associates' cloud applications, according to a sample notification letter posted on the Maine attorney general's website. The letter doesn't define "associates."
"Please note that this incident was isolated to these three (3) associates and their specific cloud applications. Financial accounts, investment accounts, and other client accounts are stored on entirely separate systems at entirely separate entities that were unaffected by this incident," it says. "A number of controls are in place to detect and prevent suspicious activity within those systems, and they remain safe and secure."
Mariner, which reported that 8,995 individuals were affected, said it initially detected suspicious activity Nov. 24 tied to Mariner users' cloud applications and "immediately initiated its incident response plan and began containment measures. Those accounts were immediately isolated, secured, and analyzed to confirm containment."
The firm said it has been communicating with federal law enforcement and regulatory authorities and investigating alongside third-party experts, determining that a criminal third party "accessed the accounts and downloaded certain files during that time. A thorough review of the files involved
determined some of the files contained your personally identifiable or non-public personal information."
"We have no evidence that any files, including those containing your personal information, have been misused as a result of this incident. Mariner has engaged third-party researchers to monitor websites, forums and other online sources for signs of data misuse, and none has been found," the firm said.
Mariner offered affected clients free credit monitoring for the next 12 months.
"Earlier this year, Mariner detected and contained a security incident. We have no evidence that any personal information was misused, and the incident did not affect financial accounts, investment accounts or client account systems," a firm spokesperson told ThinkAdvisor by email Tuesday.
"Mariner takes the security of information seriously and continues to work with cybersecurity experts. This incident has no impact on the quality of our services or our commitment to clients."
Image: Adobe Stock-Sergey Nivens
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.