OneDigital Data Breach Exposes Client Records
OneDigital Investment Advisors, the Overland Park, Kan.-based advice division of the insurance, talent and financial advisory firm with $151 billion in client assets across wealth and retirement plans, is warning clients that thousands of customer records were affected by a data breach at Salesforce, the firm’s customer relationship management platform.
The breach is the latest in a growing number of alleged cybercrime incidents targeting financial services firms, including Cetera, Hightower, Edelman Financial Engines and others.
In a data breach notification to Maine’s Attorney General’s Office, OneDigital reported that as many as 28,414 people were affected by the alleged breach (including 73 Maine residents).
According to the notice, Salesforce notified OneDigital on Aug. 22 of last year of a possible data security event involving Salesforce and Drift, an online chat agent tool. (OneDigital stressed that its own internal network wasn’t compromised.)
Afterward, OneDigital launched a forensic investigation, determining that between Aug. 12 and Aug. 18, some OneDigital client data stored in Salesforce “was potentially accessed and copied by an unauthorized actor.” The compromised data varied by client but included names and Social Security numbers.
According to the letter OneDigital is sending to affected Maine residents, the firm has “no evidence of misuse” of the information and says it is “reviewing our policies, procedures, and processes related to the storage of sensitive information.” The firm is also offering several months of complimentary credit and identity monitoring services.
OneDigital did not have anything additional to add beyond the notice to Maine’s Attorney General, and Salesforce did not return a request for comment as of press time.
However, a status update about the breach involving the Drift app indicated the breach did not “stem from a vulnerability within the core Salesforce platform, but rather from a compromise” of the Drift connection.
OneDigital is the latest industry firm to fall victim to alleged data breaches, many of which have come to light through class-action lawsuits brought by affected customers. According to a data breach notification, Hightower suffered a data breach around Jan. 8, affecting about 131,483 individuals. Harmed customers also filed class-action lawsuits against Ameriprise and Cetera Financial, while a Mercer Advisors lawsuit claimed the firm failed to keep client information safe from a coordinated data breach by ShinyHunters, an infamous cybercrime extortionist outfit. Other alleged industry victims include Edelman Financial Engines, Beacon Pointe and Pathstone.
ShinyHunters first hit the cybercrime scene in 2020 with several high-profile incursions, using an approach of stealing data and selling it on dark web forums; in recent years, its targets have included Ticketmaster and AT&T. The cybercriminal network has also targeted Salesforce. According to SecurityWeek, last October, an offshoot of the group claimed it stole data from 39 Salesforce customers, including Albertsons, Fujifilm, Qantas and Vietnam Airlines. Around the same time, another offshoot of the group demanded ransom before leaking customer information from Adidas, Air France, Allianz Life, Cisco, Dior, Disney, FedEx, Google, Home Depot, Toyota and UPS (among others).
The RIA is among aggregators (including Captrust, Creative Planning and Mariner) looking to leverage the convergence of retirement plan advice and wealth management. Last year, OneDigital also announced the addition of private market investment options to its personalized portfolio program for 401(k) plan sponsors.
