Data theft puts LPL clients at risk

[Jake Kouns <jkouns () opensecurityfoundation org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.investmentnews.com/article/20100411/REG/304119985

By Bruce Kelly
Investment News
April 11, 2010

LPL Financial yet again has fallen prey to a technology blunder that
placed private client information at risk.

An unencrypted portable hard drive was stolen from the car of an LPL
representative Feb. 24, according to a letter sent last month by LPL to
the attorney general of New Hampshire. The adviser, Christian D'Urso of
StoneRidge Wealth Management in Beaverton, Ore., had one client in New
Hampshire, the letter said.

As a result of the theft, private client information, including names,
addresses, dates of birth and Social Security numbers .may have been
breached,. Marc Loewenthal, LPL's senior vice president and chief
security and privacy officer, wrote in the letter.

This isn't the first time LPL has had to deal with a security lapse
involving one of its reps. In 2007, the firm reported that computer
hackers had compromised the login passwords of 14 financial advisers and
four assistants [1].

[1] http://www.infosecnews.org/hypermail/0809/15338.html

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php