For the second time in a year, LPL Financial has experienced a major technology snafu, this time reporting that hackers “compromised” the logon passwords of 14 financial advisers and four assistants.
The hackers’ goal was to use the passwords to gain access to customer accounts in order to “pump and dump” penny stocks.
The incidents, which began last July, affected 10,219 clients, Boston-based LPL said in a letter dated May 6 to Maryland Attorney General Douglas F. Gansler.
Valuable private client information was at stake, Keith H. Fine, senior vice president and associate counsel of LPL wrote in the letter, as the hackers potentially could get their hands on clients’ unencrypted names, addresses and Social Security numbers.
Information on non-client beneficiaries was also at risk.
“LPL cannot determine whether this information was actually accessed,” the letter said.
The firm intercepted the phony trades and either rejected or reversed them with no losses passed on to clients, the letter said.
It isn’t clear when the hackers stopped penetrating LPL’s system.
The firm was, however, in communication with clients about the matter through March.
In the letter to Mr. Gansler, LPL outlined the steps it has taken to increase data security at the company.
In March it created a new position of chief security/privacy officer.
It has also adopted new policies for its branch offices to define security requirements for its advisers.
“We regret that a small number of our advisers and their clients may have been affected by certain intrusions believed to be ‘pump and dump’ schemes,” LPL spokeswoman Kristen Crofoot wrote in an e-mail message.
Last August, LPL Financial suffered a technology breakdown that for three days prevented its 7,000 representatives and advisers from doing business online with their broker-dealers.
LPL Financial is the largest independent-contractor broker-dealer in the industry. Last year, it reported $3.03 billion in gross revenue.
For the full report, see the upcoming July 14 issue of InvestmentNews.