Web server intrusion puts advisory clients at risk

Share this article:

An undisclosed number of accounts with Boston-based Windhaven Investment Management may have been compromised after an intruder accessed a web server maintained by a third-party.

How many victims? Undisclosed, but reports indicate Windhaven Investment Management manages roughly 44,000 accounts.

What type of personal information? Names, account numbers, custodians and investment positions.

What happened? There was an unauthorized intrusion on a web server maintained by a third-party vendor hired by Windhaven Investment Management. The intruder could have used this web server to access a database containing the personal information.  

What was the response? Windhaven Investment Management permanently disconnected the affected web server and database to prevent any potential access to information. Law enforcement has been alerted and an investigation is ongoing. Improvements are being made to Windhaven's security of confidential information and additional security is being added to accounts. Letters have been sent out to affected clients and they are being offered one free year of credit monitoring services.

Details: Windhaven Investment Management learned of the incident in August, but the actual incident occurred months earlier.  

Quote: “While we have not detected any specific indication that your information was accessed, we are informing you of this incident as a precautionary measure,” said Bryan Olson, president of Windhaven Investment Management, in the letter. “Please note that the database did not include your Social Security number, date of birth or information about any other accounts.”

Source: oag.ca.gov, “Windhaven Investments Sample Notice (PDF),” Sept. 19, 2013.

Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

Professor hacks University Health Conway in demonstration for class

A computer science professor from the City College of San Francisco accessed a University Health Conway server containing patient data as part of a demonstration for a class.

Another breach involving Onsite Health Diagnostics, Kansas City hospital impacted

Children's Mercy Hospital is notifying more than 4,000 individuals that their information may have been compromised after an Onsite Health Diagnostics system was breached.

Vitamin seller website attacked, payment cards and other info compromised

Credit and debit cards, as well as other information, may have been compromised by an attacker who gained access to TheNaturalOnline.com computer system.