Our Thoughts on the LPL Financial Data Breach – November 2018
Some of you received a letter from LPL Financial in the last couple of weeks. If you did not, please feel free to ignore this letter.
However, if you did receive a letter from LPL, we would like to share our thoughts on some disappointing news.
**As a reminder, we ended our partnership with LPL over a year ago to better focus on serving clients like you. Our decision to separate was partially to improve and secure our technology.
Unfortunately, even though we had separated from LPL, they continued to retain information on certain clients for their own compliance. Consequently, clients’ records were at the mercy of LPL’s security efforts and their third-party providers. Regulations require financial institutions, like LPL, to maintain records on all former clients for several years.
Those records include personal information.
The letter dated as of November 17, 2018 states: one of LPL’s providers, Capital Forensics, suffered a security breach on November 1, 2018 by an unauthorized person who “gained access to a single Capital Forensics user’s account on a third-party file-sharing system.” Upon investigation, LPL “determined that the files included some of your personal information, including your name, account number and Social Security Number.”
Upon several attempts to learn more about the breach, we were unable to get specific or detailed answers that gave us comfort. LPL will not share any specific information about individual clients, as we are no longer affiliated with them. They have encouraged us to have our clients call LPL directly for more information.
LPL provides further details in this article, along with a phone number for questions on free credit monitoring. They also offered our clients to use their third-party relation, AllClear Identity Repair, to monitor any account(s) that might have been impacted. We have no direct relationship with AllClear, nor have we done any due diligence on their company or services. Therefore, we don’t feel comfortable making any recommendations.
Our top priority is to protect your security and identity. We have written some advice in the last few months on how to prevent and deal with cybersecurity. You can read our recent October blog discussing some steps to consider if you become a victim of cybercrime.