Merrill Lynch is the latest broker-dealer to report a snafu in handling client private data, with the Maine Attorney General's office last week disclosing that Merrill, as the record keeper for Walmart's 401(k) plan, revealed private client information to an "unauthorized recipient" having nothing to do with the plan.
Merrill provides services for the Walmart 401(k) Plan, with 1,883 clients affected by the data breach. They are eligible for two years of Experian Credit Monitoring, according to Maine.
In April, "a Merrill employee inadvertently disclosed personal information to an unauthorized recipient via an isolated email error," according to the Maine Attorney General. "We became aware of this event on April 22, 2024. The personal information included in the email was the first and last name and Social Security number."
The email has since been deleted, and Maine officials in the May 23 notice added that they were not aware of any misuse of the disclosed personal information disclosed.
The Securities and Exchange Commission this month said it was sharpening its focus on cybersecurity breaches at broker dealers and registered investment advisors.
Interactive Brokers, which specializes in equities and options trading, this month notified Massachusetts that it had identified a business email compromise that resulted in the unauthorized access to a limited amount of consumer personal information.
"Financial institutions hold massive amounts of personal client information, including clients' statements of net worth, and bad actors want to target this information for a variety of schemes," said Scott Silver, a plaintiff's attorney. "We're hearing more horror stories along those lines."
"Plus, there are many small 401(k) companies and plan administrators who have sensitive client information and may not all have best in class systems to protect that information," he added. "That's part of what the SEC is looking at."
In a letter to Walmart 401(k) clients, Merrill Lynch on May 23 wrote: "We recommend you take the following steps to help protect your personal information: promptly review your credit reports and account statements over the next 24 months and notify your financial institution of any unauthorized transactions or incidents of suspected identity theft."
"Enroll in the complimentary identity theft protection service offered," according to the letter. "We regret any concern or inconvenience this incident may cause you."
A spokesperson for Merrill Lynch said the firm had no comment beyond the letter to clients.
In a move to modernize regulation around how certain institutions handle customers’ nonpublic personal information, the SEC this month said that it adopted critical amendments to Regulation S-P.
This move is intended to address the growing risks associated with technological advancements since the rule’s initial adoption in 2000. Under the amendments, broker-dealers, investment companies, registered investment advisers, and transfer agents will have to meet new requirements to safeguard customer data.
From outstanding individuals to innovative organizations, find out who made the final shortlist for top honors at the IN awards, now in its second year.
Cresset's Susie Cranston is expecting an economic recession, but says her $65 billion RIA sees "great opportunity" to keep investing in a down market.
“There’s a big pull to alternative investments right now because of volatility of the stock market,” Kevin Gannon, CEO of Robert A. Stanger & Co., said.
Sellers shift focus: It's not about succession anymore.
Platform being adopted by independent-minded advisors who see insurance as a core pillar of their business.
RIAs face rising regulatory pressure in 2025. Forward-looking firms are responding with embedded technology, not more paperwork.
As inheritances are set to reshape client portfolios and next-gen heirs demand digital-first experiences, firms are retooling their wealth tech stacks and succession models in real time.
