This Week in Breach: BlackRock
BlackRock: World’s largest asset manager and issuer of exchange-traded funds (ETFs).

Risk to Small Business: Severe: The global investment management firm unintentionally displayed confidential information regarding thousands of financial adviser clients on its website. The data included personal information such as names and emails, but also the assets each adviser was managing. A company spokesperson clarified that “the inadvertent and temporary posting of the information relates to two distribution partners serving independent advisers and does not include any of their underlying client information.” However, this news still has the potential to spook financial advisers from working with BlackRock and clients from entrusting their funds there.

Individual Risk: Severe: When vulnerabilities of this magnitude are exposed within a third-party provider’s environment, the finger-pointing begins immediately. LCP Transportation, the vendor for MHS that disclosed the breach, will surface in news headlines and must answer to many other concerned clients as well. Although there is no evidence that any of the information was misused, experts are already calling for better cyber-risk management solutions to protect the healthcare industry.

Customers Impacted: Over 12,000 advisers and sales representatives.

How it Could Affect You: Data security is starting to become a priority on Wall Street due to recent losses shaking up public trust in the financial services industry as a whole. Breaches that originate from third parties and avoid exposing end-user information still cause reputational harm, which can be measured in millions of dollars. Ultimately, companies will be evaluated by the security protocols they already have in place before a cyber-attack happens, along with the timeliness and effectiveness of their response.
In Other News: An Emerging Target for Data Breaches: HR and Finance Employees

As phishing attacks evolve in sophistication, human resources and finance teams are increasingly caught in the crosshairs. Historically, such departments have been able to fend off poorly executed phishing campaigns. However, as hackers get smarter, so do their tactics. By adopting the writing styles of executives on social media, they can produce “look-alike” language that is capable of fooling even the most careful employees.

Many times, employee data can command a higher price tag on the Dark Web than customer data, since it is more likely to include social security numbers, dates of birth, names of dependents, and other lucrative data that can be used in perpetuity, instead of a one-time payment card fraud. When it comes to phishing attacks, it’s important to remember that human users are the weakest link in the security chain.