Private Client Services is the Latest Cyberattack Victim
Table of Contents
- By Steven
- Sep 14, 2022
Private Client Services, also known as PCS, recently admitted it suffered a sizable data breach. Hackers victimized the investment advisor business in November of 2021. Let's delve into the details of the digital offensive.
Why did Hackers Target PCS?
Based in lovely Louisville, PCS is licensed for business across the entirety of the nation. The company is a broker-dealer with more than 70 affiliated offices in the United States alone. However, it took until the final week of May 2022 for Private Client Services to transmit data breach notices to those affected by the attack.
How was the Attack Performed?
The company identified suspicious activity tied to the email account of an internal employee. PCS management launched an investigation to gauge the scope of the threat. The analysis revealed that the unauthorized party entered an employee's email account between early and mid-November 2021.
How did PCS Respond to the Intrusion?
PCS worked in tandem with the FBI to analyze the threat. The two conducted an in-depth review of the compromised accounts to gauge what type of sensitive data was stored in them. The review wrapped up in late April. The analysis revealed the compromised email accounts contained information that could empower criminals to steal victims' identities to commit financial fraud or worse.
The letter PCS sent to customers potentially compromised by the attack reveals that the company's internal brass is not entirely sure how the information was viewed. They believe that the information in question was not stolen or even viewed long enough to glean valuable nuggets that could potentially cause identity theft. In short, the message sent to affected parties is that PCS is not ruling out any specific type of illegal activity, meaning the forewarning was likely transmitted for legal liability purposes.
What Type of Information was Exposed in the Attack?
The breach exposes PCS customers' full names, social security numbers, state identification numbers, and driver's license numbers. Parties who provided personal information to PCS are encouraged to protect their identity with the industry’s latest safeguards.
Affected parties are encouraged to review account statements and activate credit report monitoring that identifies nefarious activity. It is worth noting the company does not know what will occur from the data's misuse, meaning there is the potential that the hackers viewed or temporarily accessed the data yet did not use it for nefarious purposes.
How Many PCS Customers Were Impacted by the Breach?
PCS reached out to customers who might have been compromised through a detailed letter. The correspondence acknowledging the attack was sent to upwards of 33,550 people. However, only a tiny fraction of this customer group may be victimized by identity theft criminals. It is also possible that the data of more than 33,000 people were viewed yet not saved, stolen, or sold to other criminals who frequent unscrupulous online forums dedicated to trading stolen information.