Compromised Email Account Leads to Data Breach at Private Client Services, LLC | Console and Associates, PC

Recently, Private Client Services, LLC (“PCS”) confirmed that the company suffered a data breach after an unauthorized party gained access to sensitive consumer information through a compromised employee email account. According to PCS, the breach resulted in the compromise of names, social security numbers, driver’s license numbers, and state identification numbers. On May 27, 2022, PCS filed a formal notice of breach and sent data breach letters to all affected parties. In total, the company sent 22,554 letters.

If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself against fraud or identity theft and what your legal options are following the Private Client Services data breach, please see our recent article on the subject here.

What we know about the Private Client Services data breach

Based on the most recent filings from Private Client Services, LLC, on November 18, 2021, the company discovered suspicious activity on an employee’s email account. In response, PCS launched an investigation into the incident to determine the nature and extent of the unauthorized activity. This investigation confirmed that an unauthorized party gained access to an employee’s email account between November 4 and November 18, 2021.

After confirming that the company had suffered a data security incident, Private Client Services then sought to determine whether sensitive consumer information was being accessed through the email account.

After discovering that sensitive consumer data was accessible to an unauthorized party, Private Client Services then reviewed the affected files to determine what information was compromised and who was affected. Although the information disclosed will vary depending on the individual, it may include your name, social security number, driver’s license number, and state identification number. As many as 22,554 people are believed to have been affected by the PCS data breach.

On May 27, 2022, Private Client Services sent data breach notice letters to all individuals whose information was compromised as a result of the incident.

More information about Private Client Services, LLC

Private Client Services, LLC is an independent private broker/dealer and registered investment adviser based in Louisville, Kentucky. Founded in 1990 as Kentucky Financial Group, PCS provides support to financial advisors across the country. In recent years, the company has expanded the services provided to its corporate clients to include clearing services, administrative support services and compliance services. Private Client Services employs approximately 25 people and generates approximately $5 million in annual revenue.

How do hackers gain access to employee email accounts?

Although PCS provided a fair amount of detail regarding the recent breach, the company did not explain how the unauthorized party gained access to the employee’s email account containing consumers’ sensitive information. Email cyberattacks can occur in several ways. However, the most common type of cyberattack involving unauthorized email access is a phishing attack.

Phishing attacks rely on the principles of social engineering to trick an employee into directly providing information to the hacker or downloading malware that gives the hacker access to the victim’s computer. Phishing attacks begin with the hacker sending a legitimate-looking email asking the recipient to verify their identity or click on a link.

Information obtained through a successful email phishing campaign is often used to commit fraud or identity theft against the victim. While a business is certainly one of the victims of a phishing attack, the real victims are those whose information is stolen in these cyberattacks.

Phishing is very common and is one of the leading causes of data breaches every year. According to a 2021 study, employees in the United States receive an average of 14 malicious emails per year. Some employees, like those in retail, receive an average of 49 malicious emails per year. These attacks are well-designed and appear to come from trusted sources. In fact, 86% of companies had at least one employee who clicked on a phishing link in 2021.

Businesses are aware of the threat posed by phishing attacks. Thus, it is critical that they take appropriate steps to educate all employees about the risks and have robust data security systems in place to detect unauthorized access. Given the high number of phishing attacks in recent years, many companies require their employees to undergo training to help them identify phishing attacks. However, there are also back-end data security measures that organizations can use to reduce the number of phishing emails reaching employee inboxes.