Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Not all data breaches stem from hacking; sometimes it just leaks out.
An employee working at financial planning giant Ameriprise unintentionally exposed personal information of customers, which included hundreds of investment portfolios worth tens of millions of pounds.
So you can say this is a big leak.
The data leak was discovered by Chris Vickery, a lead researcher for the security team at MacKeeper. Vickery noticed that the system was exposed while performing a random scan. The data was found on a network storage device at the employee’s home, which was set to synchronise over the internet with his backup drive at the office.
When Vickery found the chunk of data, he alerted and supplied the data to the company. One investment portfolio that was leaked involved a Massachusetts couple who had over £1 million in retirement funds. The portfolio also contained highly sensitive notes and letters which detailed the couple’s future plans.
Alarm bells are going off here as there was neither a secure backup system nor a password at the employee’s drive at home. This would’ve allowed almost anyone a full view of the sensitive information stored on his drive.
The information stored on the drive included social security numbers, bank accounts, and financial planning data on around 350 ‘high-value’ clients. The information leaked wasn’t restricted to just clients, and also contained personal information belonging to the employee, including a backup of his password manager’s data.
The database was found on Shodan, a search engine for open and unsecured databases for devices connected to the internet. As was the case for the employee’s drive.
The employee hasn’t been named, but his clients will be notified of the breach by the company. This could be because Ameriprise is one of the largest companies in America, if the employee was named, this could tarnish the reputation of that specific branch/franchise.
Ameriprise are taking the data leak very seriously given the tight regulations it has to abide by. As they retrieve both of the backup drives and examine them in an internal lab, I’m sure that they’ll come under fire for why the backup was left unprotected to start with. This highlights the lack of regulation that they have and/or the lack of enforcement powers on employees.
The employee blames the company for providing him with the office backup drive. However, the company denies this, saying: “we provide a secure online storage solution for this information”. When working from home, employees are required to file and sign an information security policy, which explains how the employees are responsible for safeguarding client information. Ironically, this was one of the documents that was exposed.
Regardless of whether it was the employee or the company at fault, both of them have the responsibility to ensure that their client’s personal information is stored securely. This is even more important where tens of millions of pounds of investment portfolios are at stake.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.