[BreachExchange] PH’s largest online stockbroker reports ‘possible’ hacking of client data

Fri Oct 20 15:15:48 EDT 2017

http://business.inquirer.net/238942/philippine-news-updates-business-col-
financial-cyberhacking

The personal data of almost a quarter of a million stock market online
investors may have been stolen by hackers, but the COL Financial — which
informed clients that its computers were the subject of a “possible breach”
— assured that no stock portfolios would be affected.

The company did, however, advise its clients to change their passwords used
to access their online trading portfolios.

COL Financial runs the country’s largest and most successful online stock
broker with some 225,000 investors registered on its trading platform.

Speaking to the Inquirer in a telephone interview Friday evening, Conrado
Bate, COL Financial president and CEO, said the possible breach was
discovered two days ago and that the company has been “investigating the
matter and doing all it can” to protect their clients.

“The breach in our system has not been confirmed, but we’re being very
proactive by telling our clients that there’s a possibility that their
personal information may have been accessed,” he said, adding that
investors have already been informed as of late Friday afternoon.

At the same time, Bate said the company had already informed the National
Privacy Commission as of 3 p.m., Friday, about the possible data breach, as
mandated by law.

He added that the stock brokerage firm has also informed regulators about
the issue, including the Philippine Stock Exchange.

“We assure our clients that their stock positions and portfolios are
unaffected,” he said. “They will be able to trade normally on Monday.”

Bate said the company is still investigating what particular information
was stolen or illegally accessed by the suspected hackers, but stressed
that there have been “no unauthorized withdrawals from client’s accounts.”

“We have taken action to further strengthen the security of our systems,”
the COL Financial chief said in his email to clients, a copy of which was
obtained by the Inquirer. “We also recommend that as standard practice that
you regularly change your password.”

The stock brokerage firm advised clients to reach the firm at
helpdesk at colfinancial.com if they have further questions about the issue.

“We want to be very forthright with our clients and other stakeholders
about this discovery we’ve made,” Bate added. “Clients’ accounts are
intact, their account balances and stock positions are safe. Transactions
have not been compromised. This just involves client information and
personal data.”

“It will be business as usual on Monday,” the COL Financial chief assured.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171020/e9698ef6/attachment.html>