Web server intrusion puts advisory clients at risk

An undisclosed number of accounts with Boston-based Windhaven Investment Management may have been compromised after an intruder accessed a web server maintained by a third party.

How many victims? Undisclosed, but reports indicate Windhaven Investment Management manages roughly 44,000 accounts.

What type of personal information? Names, account numbers, custodians and investment positions.

What happened? There was an unauthorized intrusion on a web server maintained by a third-party vendor hired by Windhaven Investment Management. The intruder could have used this web server to access a database containing the personal information.  

What was the response? Windhaven Investment Management permanently disconnected the affected web server and database to prevent any potential access to information. Law enforcement has been alerted and an investigation is ongoing. Windhaven is improving its security of confidential information and adding security to accounts. Letters have been sent to affected clients, who are being offered one free year of credit monitoring services.

Details: Windhaven Investment Management learned of the incident in August, but the actual incident occurred months earlier.  

Quote: “While we have not detected any specific indication that your information was accessed, we are informing you of this incident as a precautionary measure,” said Bryan Olson, president of Windhaven Investment Management, in the letter. “Please note that the database did not include your Social Security number, date of birth or information about any other accounts.”

Source: oag.ca.gov, “Windhaven Investments Sample Notice (PDF),” Sept. 19, 2013.
