Merrill Lynch is the latest broker-dealer to report a snafu in handling client private data, with the Maine Attorney General's office last week disclosing that Merrill, as the record keeper for Walmart's 401(k) plan, revealed private client information to an "unauthorized recipient" having nothing to do with the plan.
Merrill provides services for the Walmart 401(k) Plan, with 1,883 clients affected by the data breach. They are eligible for two years of Experian Credit Monitoring, according to Maine.
In April, "a Merrill employee inadvertently disclosed personal information to an unauthorized recipient via an isolated email error," according to the Maine Attorney General. "We became aware of this event on April 22, 2024. The personal information included in the email was the first and last name and Social Security number."
The email has since been deleted, and Maine officials in the May 23 notice added that they were not aware of any misuse of the disclosed personal information disclosed.
The Securities and Exchange Commission this month said it was sharpening its focus on cybersecurity breaches at broker dealers and registered investment advisors.
Interactive Brokers, which specializes in equities and options trading, this month notified Massachusetts that it had identified a business email compromise that resulted in the unauthorized access to a limited amount of consumer personal information.
"Financial institutions hold massive amounts of personal client information, including clients' statements of net worth, and bad actors want to target this information for a variety of schemes," said Scott Silver, a plaintiff's attorney. "We're hearing more horror stories along those lines."
"Plus, there are many small 401(k) companies and plan administrators who have sensitive client information and may not all have best in class systems to protect that information," he added. "That's part of what the SEC is looking at."
In a letter to Walmart 401(k) clients, Merrill Lynch on May 23 wrote: "We recommend you take the following steps to help protect your personal information: promptly review your credit reports and account statements over the next 24 months and notify your financial institution of any unauthorized transactions or incidents of suspected identity theft."
"Enroll in the complimentary identity theft protection service offered," according to the letter. "We regret any concern or inconvenience this incident may cause you."
A spokesperson for Merrill Lynch said the firm had no comment beyond the letter to clients.
In a move to modernize regulation around how certain institutions handle customers’ nonpublic personal information, the SEC this month said that it adopted critical amendments to Regulation S-P.
This move is intended to address the growing risks associated with technological advancements since the rule’s initial adoption in 2000. Under the amendments, broker-dealers, investment companies, registered investment advisers, and transfer agents will have to meet new requirements to safeguard customer data.
Blue Anchor Capital Management and Pickett also purchased “highly aggressive and volatile” securities, according to the order.
Reshuffle provides strong indication of where the regulator's priorities now lie.
Goldman Sachs Asset Management report reveals sharpened focus on annuities.
Ahead of Father's Day, InvestmentNews speaks with Andrew Crowell.
Cerulli research finds nearly two-thirds of active retirement plan participants are unadvised, opening a potential engagement opportunity.
Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today’s choppy market waters, says Myles Lambert, Brighthouse Financial.
How intelliflo aims to solve advisors' top tech headaches—without sacrificing the personal touch clients crave
