Web server intrusion puts advisory clients at risk

Share this article:

An undisclosed number of accounts with Boston-based Windhaven Investment Management may have been compromised after an intruder accessed a web server maintained by a third-party.

How many victims? Undisclosed, but reports indicate Windhaven Investment Management manages roughly 44,000 accounts.

What type of personal information? Names, account numbers, custodians and investment positions.

What happened? There was an unauthorized intrusion on a web server maintained by a third-party vendor hired by Windhaven Investment Management. The intruder could have used this web server to access a database containing the personal information.  

What was the response? Windhaven Investment Management permanently disconnected the affected web server and database to prevent any potential access to information. Law enforcement has been alerted and an investigation is ongoing. Improvements are being made to Windhaven's security of confidential information and additional security is being added to accounts. Letters have been sent out to affected clients and they are being offered one free year of credit monitoring services.

Details: Windhaven Investment Management learned of the incident in August, but the actual incident occurred months earlier.  

Quote: “While we have not detected any specific indication that your information was accessed, we are informing you of this incident as a precautionary measure,” said Bryan Olson, president of Windhaven Investment Management, in the letter. “Please note that the database did not include your Social Security number, date of birth or information about any other accounts.”

Source: oag.ca.gov, “Windhaven Investments Sample Notice (PDF),” Sept. 19, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Backup hard drive stolen from law firm contained personal info

Social security numbers were among the information on a backup hard drive that was stolen from an employee of Imhoff and Associates, PC.

POS malware infections at two OTTO pizzeria locations in Maine

About 900 customers at two OTTO pizzeria locations in Portland, Maine, had payment card data compromised after POS malware was discovered on terminals.

Los Angeles-based health system breached; more than 500 patients affected

Personal information on more than 500 Cedars-Sinai Health System patients was compromised after a laptop was stolen from an employee's home.