The data leak of BlackRock hits 20,000 advisers

Data Leak

Leakage was caused by human error, not a cyberattack and’ no breach of security’

New York — A data leak revealed at BlackRock last week revealed the names, e-mail addresses and other information of about 20,000 asset manager advisors, including 12,000 at LPL Financial, the largest independent broker dealer in the United States.

“BlackRock posted a small number of sales-related documents inadvertently, which were up for a short period of time and were promptly removed, “the company said in an e-mail statement on Monday.” The information related to a very limited number of wealth management platforms affecting approximately 20,000 independent advisors in the US.

“LPL informed advisors during the weekend that some of them were posted on its website by BlackRock. The leak has affected advisors who deal with the iShares exchange traded funds (ETF) unit of BlackRock.” After being informed of this issue by BlackRock, our first priority was to reach out to our consultants to inform them about the situation and share the details we learned, “said Jeffrey Mochal, LPL spokesman in a statement on Sunday.

“We will continue to communicate closely with BlackRock as they investigate the incident and share information with our consultants as it becomes available.”

ETF business

BlackRock and LPL are the latest financial firms involved in a data problem that affects a key part of their business. Sales of ETFs are crucial for BlackRock, which runs the largest ETF business in the world. Such products account for a third of BlackRock ‘s assets of approximately $6 trillion.

Registered financial consultants working with brokerages like LPL are a key channel for ETFs in individual investor portfolios. BlackRock did not identify the other affected platforms. The company said that it “recognizes the gravity of the error and we very much regret that it happened. We always seek to treat with great care the information entrusted to us.

Bloomberg News reported on Friday that BlackRock accidentally published information about thousands of financial consultants on its website. The data appeared in several tablets, some of which contained names such as “club level.

“The LPL categorizes advisors with such levels, including for some top performers the so-called “Chairman’s Club. “BlackRock said in his statement that the disclosures were the result of human error.

“There were no security breach and no BlackRock systems compromise, “the company said. Sales information for an internal customer relationship management system was posted on inadvertently, said the company. Limited scope’ BlackRock said it reported the leak to the affected companies and that the company is confident that it understands the’ limited scope and implications’ of the issue after reviewing its website.

“The sales-related documents did not relate to any other BlackRock customer business, “the statement said.”No information was included about the end customers of financial advisors. And no sensitive personal or financial information has been included about consultants or anyone else. In addition, no information was disclosed on holdings at the ticker or portfolio level. “LPL serves over 16,000 financial advisors with functions including trading and conformity.

In a separate incident in November, LPL said it investigated a data breach with a vendor company, Capital Forensics, which puts the personal information of investors at risk. At that time, Capital Forensics confirmed that the attack revealed data from its clients ‘ “small number. ” In financial firms, keeping information secure is an increasingly important issue, forcing them to tackle both cyber attacks and human error.

“Inadvertent data exposure and data loss is more common than we believe, “said Rahul Telang, a professor of information systems and management at Carnegie Mellon University, in an interview. “A lot of time companies spend a lot of money trying to protect data from hackers, but small human errors can have the same effect.

“Karen Barr, president and CEO of the Investment Adviser Association, said that any advisors concerned that their information might have been disclosed should start by taking stock of what was disclosed.” The first step is to evaluate the information’s depth and type, “she said. “You really put the issue around your arms and the extent of the potential damage. “

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.