The Great Falls-based firm took its public website offline after learning of the intrusion, hired a security consulting firm to investigate the theft and notified the major credit-reporting bureaus after learning about the incident.
"Despite our efforts to safeguard client information, a computer hacker using sophisticated techniques illegally accessed a database and obtained access to confidential client information," said William Johnstone, Davidson president and chief executive officer, in the statement. "All of us at Davidson are acutely aware of the uncertainty, stress and inconvenience associated with the potential compromise of personal information. We are fully committed to helping our clients deal with this unfortunate event as quickly as possible and are adopting measures to further enhance our network security.”
The company reportedly hired a vulnerability-assessment company last September to assess its network-security posture. The consulting company did not find any vulnerabilities at that time.
Davidson spokeswoman Jacquie Burchard said the firm would not comment further on the incident, saying that “with the investigation ongoing, it would be inappropriate to delve into the technical aspects of the security breach.”
There is no evidence the individual who hacked into its database was able to affect client accounts, according to Davidson, which urged its customers to guard against fraud. The company said it plans to pay for a year of credit-monitoring service for those impacted.
Johnstone addressed a letter to Davidson customers, alerting them to toll free numbers for current and past customers.
Based in Great Falls, Mont., Davidson is an employee-owned holdings company with a number of subsidiaries within the financial industry; it also owns a travel agency.