LPL and Ameriprise Notify Clients of Cybersecurity Incidents Involving Account Access
From the desk of Jim Eccleston at Eccleston Law
LPL Financial and Ameriprise Financial Services recently notified certain clients about separate cybersecurity incidents that exposed private information and, in one case, led to unauthorized trading activity. Both firms reported the matters to the Maine Attorney General, which publicly posts data breach disclosures. InvestmentNews reports that LPL submitted its notice on December 26, and Ameriprise followed on January 2.
According to client letters, LPL identified unauthorized securities transactions between September 30 and October 10 involving accounts maintained by clients of a small number of affiliated advisors. The firm stated that foreign threat actors accessed certain advisors' online accounts and executed trades as part of a "hack pump-and-dump" scheme designed to inflate stock prices artificially. According to InvestmentNews, the activity affected 53 client accounts.
LPL reported that it contacted law enforcement, retained outside experts, and launched an investigation. The firm stated it promptly contained the activity and confirmed that no ongoing issues remain. LPL also advised clients that the threat actors may have viewed certain personal information while accessing the compromised accounts.
Separately, Ameriprise disclosed an incident involving a phishing attack, as reported by InvestmentNews. On December 4, a financial advisor received an email that appeared to come from a client. The communication enabled a bad actor to gain potential access to or transmit certain client information for a limited period. Ameriprise indicated that 598 clients may have been affected.
In its notice, Ameriprise stated that it detected and contained the incident quickly and initiated an internal investigation to determine the scope of the exposure. According to InvestmentNews, the firm reported no evidence that anyone improperly used client information and confirmed that services continued without interruption.
According to InvestmentNews, industry observers have noted that cybersecurity risks increase when advisors transition between firms or rely on personal communication channels. Firms must maintain strict controls over client data, particularly during periods of advisor movement and recruiting activity.
Both incidents highlight the ongoing threat cyber actors pose to financial institutions and the sensitive information entrusted to advisors.
Eccleston Law LLC represents investors and financial advisors nationwide in securities, employment, transition, regulatory, and disciplinary matters.
Tags: eccleston, eccleston law, cybersecurity, data breach, unauthorized trading, lpl financial, ameriprise financial
