Web server intrusion puts advisory clients at risk

Share this article:

An undisclosed number of accounts with Boston-based Windhaven Investment Management may have been compromised after an intruder accessed a web server maintained by a third-party.

How many victims? Undisclosed, but reports indicate Windhaven Investment Management manages roughly 44,000 accounts.

What type of personal information? Names, account numbers, custodians and investment positions.

What happened? There was an unauthorized intrusion on a web server maintained by a third-party vendor hired by Windhaven Investment Management. The intruder could have used this web server to access a database containing the personal information.  

What was the response? Windhaven Investment Management permanently disconnected the affected web server and database to prevent any potential access to information. Law enforcement has been alerted and an investigation is ongoing. Improvements are being made to Windhaven's security of confidential information and additional security is being added to accounts. Letters have been sent out to affected clients and they are being offered one free year of credit monitoring services.

Details: Windhaven Investment Management learned of the incident in August, but the actual incident occurred months earlier.  

Quote: “While we have not detected any specific indication that your information was accessed, we are informing you of this incident as a precautionary measure,” said Bryan Olson, president of Windhaven Investment Management, in the letter. “Please note that the database did not include your Social Security number, date of birth or information about any other accounts.”

Source: oag.ca.gov, “Windhaven Investments Sample Notice (PDF),” Sept. 19, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.