[BreachExchange] SEI Investments: Vendor Hit by Ransomware, Data Leaked

[Destry Winant]

https://www.databreachtoday.com/sei-investments-vendor-hit-by-ransomware-data-leaked-a-14722

Fund administrator SEI Investments Co. acknowledged Monday that it
suffered a data breach after one of its vendors was struck with a
ransomware attack, resulting in some of its customers' data being made
public by the malicious actors.

An SEI spokesperson tells Information Security Media Group that on May
17, the vendor, M.J. Brunner, was hit with ransomware, leading to the
data leak.

"We are aware that certain data has been illegally revealed by
cybercriminal(s)," the SEI spokesperson says. "We take our clients'
security very seriously, and we are working with Brunner, the FBI and
our impacted clients to understand the extent to which SEI's or our
clients' data has been exposed."

A representative of M.J. Brunner confirmed the incident.

"Brunner can confirm that in the middle of May, our IT staff detected,
and interrupted, a security incident involving some of our corporate
systems by an unauthorized actor," the representative tells ISMG.

M.J. Brunner responded to the attack by taking several systems
offline, the representative says. It also notified the FBI.

The company believes it has contained the situation, he adds. "It
should be noted that we have no evidence that any production systems
that we maintain on behalf of our clients were compromised, as they
are all on separate domains and network infrastructure."

Pittsburgh-based M.J. Brunner bills itself on its website as an
"integrated marketing agency specializing in cross-channel marketing
and award-winning creative solutions backed by data."

SEI: Systems Not Breached

The SEI spokesperson tells ISMG: "We can confirm that the root cause
of the attack was not predicated on vulnerability within SEI's
network, and neither our clients' nor SEI's network were compromised
or attacked as part of this incident,"

The Wall Street Journal reports the ransomware attack on SEI's vendor
resulted in about 100 SEI clients having their data exposed, with the
hackers gaining access to user names, emails and in certain cases
names, physical addresses as well as contact information associated
with SEI's dashboard.

Angelo Gordon & Co., Graham Capital Management, Fortress Investment
Group LLC, Centerbridge Partners and Pacific Investment Management Co.
are among the funds administered by SEI Investments that were impacted
by the ransomware attack, the Wall Street Journal reports.

Third-Party Risks

Third-party vendors can add certain cybersecurity risks, which must be
managed, Tim Wade, technical director for the CTO team at security
firm Vectra tells ISMG.

"Managing these risks is critical, and it is imperative that
organizations move their supplier security evaluation programs beyond
strict compliance objectives and start to really plumb the depths of
the actual security practices of these suppliers by verifying
functional information and product security programs, evidence of
ongoing vulnerability remediation, and the presence of proactive
security practices," Wade says.

String of Ransomware Attacks

On July 10, The Office of Compliance Inspections and Examinations
warned of an increase in ransomware attacks on SEC-registered entities
such as broker-dealers, investment advisers and investment companies.
The report advised these entities to inform their third-party service
providers who maintain client assets about the increasing risk of
ransomware attacks and monitor cybersecurity alerts from the
Department of Homeland Security's Cybersecurity and Infrastructure
Security Agency.

In March, the London-based financial services company Finastra
suffered a ransomware attack that compelled the company to take its IT
operations offline to limit further damage to its corporate network
(see: Fintech Firm Finastra Recovering From Ransomware Attack).