Cybersecurity and investments
All is relatively well here at Woesnotgone Meadow, where everyone has above-average bandwidth. In the Meadow, we have a mix of residents. One thing we all have in common is investments. The residents want to retire in luxury, eat caviar, and travel. Following this dream takes one common element: money. Jerry has the Meadow’s investment firm and manages the funds and futures. BlackRock, Inc. is the world’s largest asset manager. With this title, it is no wonder there is a target on the firm.
BlackRock was not the victim of an attack, per se. This, however, was still an issue. The compromise was due to human error. BlackRock inadvertently published thousands of advisors’ confidential client data on its public website. The data was located in three spreadsheets. These were available via links on the company’s iShares exchange-traded funds. These links were dated December 5, 2018; however, they may have been posted earlier. Based on this, the issue was not truly an attack in the real-world sense, but more of an oversight.
These spreadsheets did not hold average, boring data. The three spreadsheets included the financial advisors’ names and the email addresses for those who purchased BlackRock’s ETFs for their clients. One of the three spreadsheets contained more than 12k advisors and their sales representatives’ information. In another spreadsheet, the advisors were categorized as dabblers or power users. Another column indicated the financial advisor’s club level as being in the Patriot’s or Director’s Club, presumably based on their sales level. BlackRock is reviewing what happened, which was primarily based on human error.
This simple oversight will provide for many awkward moments in the upcoming months. This is much like the holidays when your off uncle stops by, and everyone looks. This does appear to be a simple case of unfortunate human error. When there are sensitive issues within documents or files, there should be some form of a check, even a short and simple one, in place. Without this in place, there is the opportunity for many not-fun future meetings and situations.
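One form such a short pre-publication check could take, as an added example that is not from the original post or from BlackRock. It assumes the spreadsheets are exported to CSV before review; the header keywords, the email threshold, the file names and the sample rows are all hypothetical and constructed for illustration.

```python
import csv
import io
import re

# Hypothetical policy values for this example, not taken from the incident.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SENSITIVE_HEADER_RE = re.compile(r"e-?mail|advisor|client|segment|club|sales", re.I)
MAX_EMAILS = 5  # more distinct addresses than this looks like a contact list


def scan_csv(text):
    """Return a list of findings for one CSV export; an empty list means clean."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    findings = []
    flagged = [h for h in header if SENSITIVE_HEADER_RE.search(h)]
    if flagged:
        findings.append("sensitive column names: " + ", ".join(flagged))
    emails = {m.lower() for row in body for cell in row for m in EMAIL_RE.findall(cell)}
    if len(emails) > MAX_EMAILS:
        findings.append(f"{len(emails)} distinct email addresses in data rows")
    return findings


def publish_gate(files):
    """Map file name -> findings for every file that must not be published."""
    blocked = {}
    for name, text in files.items():
        findings = scan_csv(text)
        if findings:
            blocked[name] = findings
    return blocked


# Constructed sample data (not from the incident).
FUND_FACTS = "Ticker,Fund Name,Expense Ratio\nAAA,Example Bond ETF,0.05\nBBB,Example Equity ETF,0.03\n"
ADVISOR_LIST = "Advisor Name,Email,Segment,Club Level\n" + "".join(
    f"Advisor {i},advisor{i}@example.com,Power User,Director's Club\n" for i in range(8)
)

if __name__ == "__main__":
    result = publish_gate({"fund_facts.csv": FUND_FACTS, "advisor_list.csv": ADVISOR_LIST})
    for name, findings in result.items():
        print(f"BLOCK {name}: " + "; ".join(findings))
```

A gate like this belongs in the step that pushes files to the public web root, so a blocked file needs a human sign-off before it goes live.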
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.