[BreachExchange] “Lincoln Financial Advisors” Disclose Data Breach Affecting Clients

Destry Winant destry at riskbasedsecurity.com
Fri Apr 17 10:23:07 EDT 2020


The Charpentier Wealth Strategies office belonging to Lincoln
Financial Advisors has announced a data breach.
Apparently, an unknown person is holding a disk drive that contains
sensitive client information.
The exposed data includes full names, addresses, social security
numbers, and bank account information.

“Lincoln Financial Advisors,” or Lincoln, has disclosed a data breach
that has resulted in the exposure of sensitive personal and financial
details of its clients. The security incident was discovered by the
Pennsylvania-based company on March 19, 2020, after the firm learned
that an unknown third party was in possession of a hard disk drive
containing their client data. The drive may come from the Charpentier
Wealth Strategies office in Bakersfield, California, but the company
cannot be certain about it. If you did business with the insurance
brokers, chances are you have been affected by the disclosed breach.

The information that has potentially been leaked now includes the following:

Full names
Home and/or business addresses
Social Security numbers
Dates of Birth
Bank Account information
Driver’s License number
Financial Account number

It is not clear what the bank account information would include, but
there may be checking numbers, routing transit numbers, and other
sensitive data in it. For this reason, Lincoln has arranged the
provision of a one-year membership in Kroll’s identity monitoring and
protection services, so the recipients of these notices are encouraged
to enlist before July 15, 2020. To do it, visit this webpage and enter
the membership number that has been provided in the message that you
received from Lincoln. Alternatively, call “1-844-263-8605.” If you
have any other questions to address to Lincoln, you should contact
them at “1-888-921-0513.”

This story reminds us of the Health Share Oregon incident from last
February when a thief stole a laptop from the organization’s offices
and ran away with the valuable data that was stored inside.
Cyber-security is also about physical data protection, which is a
basic element that many people often forget. While Lincoln hasn’t
clarified if the disk ended up in the unknown individual’s hands in
the context of a robbery, it certainly seems possible when considering
the rest of the story. This is precisely why disk encryption should be a
standard security practice for all companies that hold sensitive
client data.

Lincoln states that the data protection and law enforcement
authorities have been informed about the incident and that they are
already cooperating with them in the ongoing investigation. Lincoln
customers will now have their account security heightened. Finally,
contracted investment companies were also directly advised to take the
appropriate precautionary measures.
