An advisory firm’s client information was exposed via a hack… of its printing vendor.
According to a filing with the Maine Attorney General’s office, on March 16, 2022, Cetera Financial Group received notice from its third-party printing service provider (R.R. Donnelley & Sons Company) of a “data security event” that affected its systems. The printing vendor reported that on Dec. 23, 2021, it identified anomalous activity on its network, investigated the activity and determined that between Nov. 29, 2021 and Dec. 23, 2021, their systems were accessed by an “unknown actor.”
Having received that notice, Cetera says, it immediately commenced an investigation which included requesting additional information on the event and RRD’s investigation. While Cetera told the Maine AG it is still reviewing this information, on or about May 18, 2022, the organization identified personal information relating to two Maine residents, including name and Social Security number—which, apparently, led to the filing.
That same filing indicated that 2,188 people might have been affected by the intrusion, specifically access to their Social Security number.
According to the filing, Cetera is reviewing its policies and procedures regarding third-party vendors, data transfers, and working with the printing vendor to evaluate additional measures and safeguards in response to this incident. Additionally, Cetera is offering complimentary credit monitoring services for one year, through Experian, to individuals whose personal information was potentially affected, and they are also being provided with guidance on how to better protect against identity theft and fraud.
Additionally, Cetera says in the filing that it is providing individuals with information on how to place a fraud alert and security freeze on one’s credit file, the contact details for the national consumer reporting agencies, information on how to obtain a free credit report, a reminder to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports, and encouragement to contact the Federal Trade Commission, their state Attorney General, and law enforcement to report attempted or actual identity theft and fraud.
Cetera also reported that it is providing written notice of this incident to relevant regulators, and to the three major credit reporting agencies, Equifax, Experian, and TransUnion.
