In recent news, Liberty Partners Financial Services, LLC (“Liberty Partners”) announced that an unauthorized party gained access to an employee’s email account, compromising sensitive financial information belonging to certain individuals. According to Liberty Partners, the information disclosed includes the names of the parties involved, as well as one or more of the following: date of birth, Social Security number, driver’s license number, state identification number, passport number, bank account number, credit or debit card number, biometrics, medical information, and health insurance information. On April 22, 2022, Liberty Partners sent data breach letters to everyone whose information was compromised in the breach.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what legal options are available to you following the Burkhart Dental Supply data breach, please see our recent article on the topic. here.
What we know about the Liberty Partners Financial Services data breach
Although the Liberty Partners data breach happened over seven months ago, the company only recently released details of the incident. Evidently, Liberty Partners Financial Services first detected that an unauthorized party may have accessed an employee’s email account on September 17, 2021. In response, the company brought in outside consultants in cybersecurity to investigate the incident. This investigation confirmed that several employee email accounts had been accessed by an unauthorized party and that these accounts contained sensitive consumer data.
Liberty Partners Financial Services then began reviewing the emails and attachments to determine what information had been compromised and to whom it belonged. This process was completed on March 30, 2022. Although the information compromised will vary depending on the individual, it may include names, dates of birth, social security numbers, driver’s license numbers/ID numbers. State, passport numbers, financial account of your parties involved. numbers, routing numbers, payment card numbers, CVV/card expiration dates, biometrics, medical information and health insurance information.
On April 22, 2022, Liberty Partners sent data breach letters to anyone whose information was compromised as a result of the breach.
Founded in 2004, Liberty Partners Financial Services, LLC is a financial services company based in Bakersfield, California. The company is a FINRA-registered broker-dealer, an SEC-registered investment adviser and a full-service insurance agency. Liberty Partners provides investment advice, estate planning and charitable planning services to clients across the United States. Liberty Partners Financial Services has approximately 41 employees and generates annual revenue of $56 million.
How do hackers gain access to an employee’s email account?
Although Liberty Partners has provided a fair amount of information about the recent breach, one aspect of the incident that the company has not disclosed is how the unauthorized party gained access to employee email accounts. There are several ways for hackers or other cybercriminals looking to steal consumer information to gain access to employee email accounts.
Phishing is perhaps the most common and well-known way for hackers to gain access to an employee’s email account. Phishing describes a type of cyberattack in which a malicious actor sends an apparently legitimate email. In the email, the hacker relies on the principles of social engineering to “trick” the employee into providing their login credentials or downloading malware. According to the Identity Theft Resource Center, in 2021, a third of all cyberattacks involved phishing.
Brute force attacks
A brute force attack is a type of cyberattack in which hackers insert previously stolen username-password combinations into software that tries the combinations on a large number of sites. Brute force attacks are one of the reasons why it’s so important to change your password for all of your online accounts after a password has been compromised.
Old fashioned guesswork
Hackers also have access to databases of commonly used passwords. However, hackers don’t just sit at their computers and figure out password combinations themselves; they use robots capable of entering thousands of passwords per hour. Over time, it is possible for hackers to gain access with little or no knowledge of the account holder.
Of course, companies can and should use data security systems that prevent these types of attacks. For example, many accounts lock out a user if they guess the wrong password a certain number of times. From there, the account can only be reactivated with an administrator’s approval. Companies that fail to maintain robust data security systems put consumer data in their possession at unnecessary risk of exposure.