In the wake of a security breach that affected more than 10,000 clients, LPL Financial has taken several steps to increase data protection.
Last week,
InvestmentNews reported that for the second time in less than a year, the Boston-based company experienced a major technology snafu, this time reporting that hackers "compromised" the login passwords of 14 financial advisers and four assistants.
The hackers' goal was to use the passwords to gain access to customer accounts in order to "pump and dump" penny stocks, according to LPL officials.
The incidents, which began last July, affected 10,219 clients, LPL Financial said in a May 6 letter to Maryland Attorney General Douglas F. Gansler.
LPL Financial since then has beefed up its security, including increasing the profile of data security within the company at all levels — up to and including senior management.
In March, it hired Marc Loewenthal as chief security/privacy officer, a new position. In April, the firm implemented a new information privacy and security program.
It has also adopted new policies for its branch offices to define security requirements for its advisers.
Protecting client passwords and other information is a major concern of the industry and its regulators. The Financial Industry Regulatory Authority Inc. of New York and Washington in January warned investors about "phishing" scams, in which a fraudster uses spam e-mail to lure an investor into revealing brokerage account information, including passwords.
In the LPL Financial matter, valuable client information was at stake, Keith H. Fine, senior vice president and associate counsel of LPL, wrote in the letter, as the hackers potentially could get their hands on clients' unencrypted names, addresses and Social Security numbers.
Information on non-client beneficiaries was also at risk.
"LPL cannot determine whether this information was actually accessed," Mr. Fine wrote in the letter.
The firm intercepted the phony trades and either rejected or reversed them with no losses passed on to clients, according to the letter.
It isn't clear when the hackers stopped penetrating LPL Financial's system.
The firm was, however, in communication with clients about the matter through March.
In the letter to Mr. Gansler, LPL Financial outlined the steps it has taken to increase data security at the company.
"We regret that a small number of our advisers and their clients may have been affected by certain intrusions believed to be 'pump and dump' schemes," LPL spokeswoman Kristen Crofoot wrote in an e-mail message.
Last August, LPL Financial suffered a technology breakdown that for three days prevented its 7,000 representatives and advisers from doing business online with their broker-dealers.
LPL Financial is the largest independent-contractor broker-dealer in the industry. Last year, it reported $3.03 billion in gross revenue.
E-mail Bruce Kelly at [email protected].
