A May ransomware attack on M.J. Brunner Inc. exposed data pertaining to clients of SEI Investments Co., among them money managers like Pacific Investment Management Co. (Pimco), Fortress Investment Group LLC and Centerbridge Partners.
SEI Investments said in a statement that the attack was not the result of any flaw in its network. Instead, the fault stemmed from a hack at vendor M.J. Brunner, which developed and maintains the investment company’s dashboard as well as its online enrollment portal, according to a Wall Street Journal report, citing sources who said user names, emails and some physical addresses and phone numbers were nicked from the provider.
“We take our clients’ security very seriously, and we are working with Brunner, the Federal Bureau of Investigation and our impacted clients to understand the extent to which SEI’s or our clients’ data has been exposed,” the spokesperson said.
Noting the trend toward exfiltrating data during a ransomware attack, Erich Kron, security awareness advocate at KnowBe4, said, “Arguably in this case, as with many others lately, the exfiltration of data is the more severe impact than the encryption of the files by the ransomware.”
The incident also highlights the dangers posed by ever more common supply chain attacks. “Any time we outsource to a third party, the organization must accept the risk related to the information being collected and managed by that third party,” Kron said. While the data might appear to be innocuous in this case, it could be a treasure trove for those bent on social engineering, particularly highly targeted smishing attacks. “When events like this occur, it is very important to notify the potential victims quickly and to help them understand the risks they face through whatever information was compromised,” he said.