Security Experts Raise Concerns About BlackRock Data Leak

Security experts are still concerned about the BlackRock’s recent data leak may put the advisors whose information was exposed at risk of phishing attacks in the future by various groups of cybercriminals targeting businesses in all sectors.

BlackRock, the world’s largest asset manager, recently posted accidentally personal information of about 20,000 advisers who are its clients. The accidental posting on its iShares ETF website exposed the names, email addresses and other contact information of the said clients. These advisers include 12,000 from LPL Financial, the largest independent broker in the U.S.

Leak Was A Human Error

In its emailed statement, BlackRock admitted the error, adding that the sales-related documents were only “exposed for a short period,” but “promptly removed.” It also said that the information is related to 20,000 US independent advisers.

The asset manager also stressed that the leaked data disclosed no sensitive details. It added that the leak does not include “ticker- or portfolio-level holdings” data.

On its part, LPL informed its advisers about the data leak and added that the inadvertent posting affected advisers connected with Blackrock’s iShares exchange-traded funds (ETF) business.

BlackRock and LPL are the latest financial companies involved in a data issue that affects an important sector of their business. BlackRock runs the world’s largest ETF business, making ETF sales vital to the company.

Cybercriminals Target Financial Firms

Even though BlackRock said the leak resulted from human error, analysts are still concerned cyberattacks. Cyber-criminals often target the financial sector, especially the giant firms like BlackRock and JP Morgan Chase. In 2014, JP Morgan Chase was the target of a massive attack that has stolen the data of 76 million US households and 7 million small businesses.

Chris Boyd, a lead malware intelligence analyst for Malwarebytes said that the details could be a “spammer’s goldmine” and might be later used to carry out a series of attacks on the investors.

Boyd said hackers could use the contact information of investors taken from the leaked data can expose the victims to cold calling, phishing, or malware attacks through email.

Last December, “London Blue,” a Nigerian-based cyber gang, were able to infiltrate the UK as part of its campaign to target CFOs in various companies.