Hackers have infiltrated a London-based fund administrator and custodian’s IT system, potentially putting customers’ personal data at risk.
Mainspring notified clients earlier this week it had suffered a data breach, following a targeted ransomware attack on the morning of 12 July.
It is the largest provider of outsourced custodian and nominee services in the enterprise investment space (EIS), counting Mercia Asset Management and Parkwalk Advisers among its clients. In 2020, it acquired the Share Centre’s EIS division.
Clients were told that all their assets and money remain safe, but that it is possible some of their personal data may have been compromised.
This includes everything from names to residential addresses, work emails, location data and, in some cases, corporate bank details and investment holdings.
The incident has been reported to Action Fraud UK, the Financial Conduct Authority and the Information Commissioner’s Office.
‘Some data has been exfiltrated’
So far, Mainspring has not been able to determine how the hackers infiltrated its system or how many people have been affected by the data breach.
But, on Wednesday, it said early findings from its investigation had revealed “some data has been exfiltrated from the IT system”.
“We don’t yet know the extent of this or whether investor/contact data was included,” it said in the update. “Our advice to impacted parties remains the same and to continue being vigilant for suspicious or unusual activities.”
See also: FCA requirements could hinder DFM remote working plans