A second lawsuit has been brought against Mercer Advisors in the aftermath of last month’s cyberattacks from criminal hacking group ShinyHunters targeting several large RIAs.
John Amick filed the second class action complaint on March 6 against Mercer, which allegedly had 5.7 million individual internal records exposed in a cyber breach that occurred in mid-February. Amick’s lawsuit follows a similar class action complaint filed March 2 by Paul Berger, both of which allege Mercer refused to pay a ransom to ShinyHunters who then leaked client information to the dark web after their demands were not met.
Mercer is alleged to have sent an email notice to the plaintiff on February 25 saying the firm recently identified unauthorized access to some of its systems used to store client data. The exposed customer information allegedly included names, contact information, full or partial social security numbers, emergency contacts, legal documents, and other personal info.
A spokesperson for Mercer declined to comment for this story. The lawsuits claim that Mercer “failed to comply with FTC guidelines and industry best practices” to protect client’s personal information—including failure to implement or maintain multi-factor authentication, credential protection measures, regular security audits and risk assessments.
“Despite the sensitivity of the PII and the heightened risk profile of wealth-management clients, Mercer’s data-security measures were insufficient to prevent or promptly detect the ShinyHunters attack,” reads Amick’s complaint.
The plaintiffs are seeking “damages, including compensatory, punitive, and/or nominal damages, in an amount to be proven at trial” against Mercer, which manages over $96 billion in client assets. Other wealth management firms to have their systems attacked last month by ShinyHunters included Pathstone Family Office and Beacon Pointe Advisors. Industry publication Cybernews posting screenshots of extortion threats from ShinyHunters against the RIAs.
Pathstone, which manages roughly $170 billion in assets, did not respond to a request for comment by press time. ShinyHunters has previously carried out cyber attacks against Google, Adidas, Allianz Life, Cisco, Farmers Insurance Group and Workday, among other companies.
A spokesperson for Beacon Pointe, which manages about $60 billion in client assets, sent the below statement saying the recent data breach impacted less than 0.5% of its clients.
“Beacon Pointe was targeted by an unauthorized bad actor, but our security systems worked as designed to contain the scope of the incident. The incident affected an extremely small percentage of our client base – less than 0.5%. Those clients were notified weeks ago, and we deployed proactive measures to protect their accounts.”
Choice anxiety, prestige bias, and the temptation to make selections based on outsourced confidence are just some of the parallels between investing and the world of wine tasting.
Regulators found Bank of America's monitoring software had a known flaw Merrill left uncorrected for years.
While AI has become a go-to research tool for affluent investors, new HSBC research suggests human advisors remain the deciding voice when investment decisions are made.
A 5-4 ruling preserves the Federal Reserve's independence for now, but the legal fight over presidential removal power is far from settled.
For years, large firms have been facing penalties and questions from regulators over interest rates for clients’ cash accounts.
Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income
Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.
