American Funds urges new client passwords over Heartbleed

Parent Capital Group says has no information indicating client accounts hacked

Apr 16, 2014 @ 3:02 pm

heartbleed, cybersecurity, american funds, capital group, hackers, google
+ Zoom

The Capital Group Cos., the third-largest manager of U.S. mutual funds, urged 800,000 customers to change account passwords and other information to protect themselves from risk caused by the Heartbleed computer bug.

The bug may have exposed some customers who accessed their accounts on the website for the firm's American Funds mutual funds between Dec. 12 and April 14, said Chuck Freadhoff, a spokesman for the firm. The company Thursday recommended in an e-mail to those clients that they change their user information, password, security image and questions, and delete their browsing history and “cookies.”

(See also: 'Heartbleed' cybersecurity threat looms over advisers and clients)

“Through an outside vendor there was with Heartbleed a vulnerability that gave a view to information flowing through that vendor's servers,” Mr. Freadhoff said. “We are doing this out of an abundance of caution,” he said, adding that the company had no information indicating accounts had been accessed by hackers.

Heartbleed, which was recently discovered by technology researchers and made public on April 7, prompted security experts to urge consumers to change their Internet passwords, even as Google Inc., Facebook Inc. and large banks said they weren't affected. The bug can expose people to hacking of their passwords and other sensitive information.

PROGRAMMING ERROR

The Federal Financial Institutions Examination Council, made up of representatives from the Federal Reserve Board of Governors, the Consumer Financial Protection Bureau and other U.S. regulators, said last week that systems operating a widely used encryption technology called OpenSSL are at risk of being hacked.

The flaw stemming from a two-year-old programming mistake was discovered by researchers from Google and Codenomicon Ltd., a technology security firm based in Finland, and reported to OpenSSL, according to a blog post from Codenomicon. It isn't known whether malicious hackers were aware of the bug and exploiting it, the researchers wrote.

Bloomberg News reported April 11 that the National Security Agency knew about the bug for two years and made it part of its hacking toolkit for information gathering. The NSA has since denied that it knew of the bug before an April 7 report by the private security researchers.

Capital Group manages $1.3 trillion for clients, including $1.1 trillion in its American Funds lineup, according to the company and data compiled by research firm Morningstar Inc. Only The Vanguard Group Inc.and Fidelity Investments oversee more in mutual funds.

Capital Group's largest fund is the $138 billion Growth Fund of America, according to data compiled by Bloomberg. The firm operates more than 50 million shareholder accounts, Mr. Freadhoff said.

(Bloomberg News)

0
Comments

What do you think?

View comments

Recommended for you

Featured video

INTV

Ed Slott: Tax strategies to help clients take advantage of market declines

When the markets decline or are volatile, it is an opportunity to put a few retirement savings strategies to work, according to Ed Slott, founder of Ed Slott's Elite IRA Advisor Group.

Latest news & opinion

Plaintiffs win in Tibble vs. Edison 401(k) fee case

After a decade of activity around the lawsuit, including a hearing before the U.S. Supreme Court, judge rules a prudent fiduciary would have invested in institutional shares.

Advisers get more breathing room to make Form ADV changes

RIAs can enter '0' in some new parts of the document before their annual filing next year.

Since banking scandal, Wells Fargo advisers with more than $19.2 billion leave firm

Despite a trying year, the firm has said it will sweeten signing bonuses for veteran advisers.

Is LPL's deal sweet enough for NPH's 3,200 reps and advisers?

They will have to decide if the signing package they are being offered by LPL makes sense. A lot is hanging in the balance.

Eduardo Repetto to leave Dimensional Fund Advisors

Gerald O'Reilly, currently co-CIO, will take over as co-CEO with David Butler.

X

Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print