In recent news, Liberty Partners Financial Services, LLC (“Liberty Partners”) announced that an unauthorized party gained access to an employee’s email account, compromising sensitive financial information belonging to certain individuals. According to Liberty Partners, the leaked information includes affected parties’ names, as well as one or more of the following: date of birth, Social Security number, driver’s license number, state identification number, passport number, bank account number, credit or debit card number, biometric data, medical information, and health insurance information. On April 22, 2022, Liberty Partners issued data breach letters to all individuals whose information was compromised in the breach.
If you received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Burkhart Dental Supply data breach, please see our recent piece on the topic here.
What We Know About the Liberty Partners Financial Services Data Breach
Although the Liberty Partners data breach occurred more than seven months ago, the company only recently released details of the incident. Evidently, Liberty Partners Financial Services first detected that an unauthorized party may have accessed an employee’s email account back on September 17, 2021. In response, the company enlisted the assistance of outside cybersecurity consultants to investigate the incident. This investigation confirmed that multiple employee email accounts were accessed by an unauthorized party and that these accounts contained sensitive consumer data.
Liberty Partners Financial Services then began to review the emails and attachments to determine what information was compromised and to whom it belonged. This process was completed on March 30, 2022. While the compromised information varies based on the individual, it may include affected parties’ names, dates of birth, Social Security numbers, driver’s license/state identification numbers, passport numbers, financial account numbers, routing numbers, payment card numbers, card CVV/expiration dates, biometric data, medical information, and health insurance information.
On April 22, 2022, Liberty Partners sent out data breach letters to anyone whose information was compromised as a result of the breach.
Founded in 2004, Liberty Partners Financial Services, LLC is a financial services company based in Bakersfield, California. The company is a FINRA-registered broker-dealer, SEC-registered investment advisor, and full-service insurance agency. Liberty Partners provides investment advice, estate planning, and charitable planning services to its clients across the United States. Liberty Partners Financial Services has approximately 41 employees and brings in $56 million in annual revenue.
How Do Hackers Get Access to an Employee’s Email Account?
While Liberty Partners provided a good amount of information about the recent breach, one aspect of the incident the company did not divulge is how the unauthorized party gained access to the employees’ email accounts. There are a few ways that hackers or other cybercriminals looking to steal consumer information can access employee email accounts.
Perhaps the most common and most well-known way for hackers to gain access to an employee’s email account is through phishing. Phishing describes a type of cyberattack in which a malicious actor sends a seemingly legitimate email. In the email, the hacker relies on social engineering principles to “trick” the employee into either handing over their login credentials or downloading malware. According to the Identity Theft Resource Center, in 2021, a third of all cyberattacks involved phishing.
Brute Force Attacks
A brute force attack is a type of cyberattack in which hackers feed previously stolen username-password combinations into software that tries the combinations on a large number of sites. Brute force attacks are one of the reasons why it is so important to change the passwords on all your online accounts after a password is compromised.
Hackers also have access to databases of the most commonly used passwords. However, hackers don’t sit at their computers and guess password combinations themselves; they use bots that can plug in thousands of passwords an hour. Over time, it is possible for hackers to gain access with little to no knowledge of the account holder.
Of course, companies can—and should—employ data security systems that prevent these types of attacks. For example, many accounts will lock a user out if an incorrect password is entered a certain number of times. From there, the account can only be re-activated with an administrator’s approval. Companies that fail to maintain robust data security systems put the consumer data in their possession at unnecessary risk of exposure.
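The lockout control described above, sketched as an added example that is not part of the original article or any Liberty Partners system: it locks an account after repeated failures until an administrator unlocks it, and also flags a source that fails against many different accounts, a pattern per-account lockout alone does not catch. The thresholds, class and function names, and the login events are assumptions constructed for illustration.

```python
from collections import defaultdict

MAX_FAILURES = 5      # assumed lockout threshold per account
MANY_ACCOUNTS = 4     # assumed: distinct accounts failed from one source
WINDOW = 600          # seconds of history considered by both checks

class LoginMonitor:
    def __init__(self):
        self.failures = defaultdict(list)    # username -> failure timestamps
        self.by_source = defaultdict(dict)   # ip -> {username: last failure}
        self.locked = set()
        self.flagged_sources = set()

    def record(self, ts, ip, user, password_ok):
        """Return 'locked', 'ok' or 'fail' for one login attempt."""
        if user in self.locked:
            return "locked"                  # a correct password no longer helps
        if password_ok:
            self.failures.pop(user, None)    # success resets the counter
            return "ok"
        recent = [t for t in self.failures[user] if ts - t < WINDOW] + [ts]
        self.failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked.add(user)            # stays locked until admin_unlock
        seen = self.by_source[ip]
        seen[user] = ts
        if sum(1 for t in seen.values() if ts - t < WINDOW) >= MANY_ACCOUNTS:
            self.flagged_sources.add(ip)     # one source, many accounts
        return "fail"

    def admin_unlock(self, user):
        self.locked.discard(user)
        self.failures.pop(user, None)

def replay(events):
    mon = LoginMonitor()
    return mon, [mon.record(*e) for e in events]

# Constructed events: (timestamp, source IP, username, password_ok)
EVENTS = (
    [(i * 10, "203.0.113.7", "alice", False) for i in range(5)]
    + [(60, "198.51.100.2", "alice", True)]  # real user, now locked out
    + [(100 + i, "192.0.2.9", u, False)
       for i, u in enumerate(["bob", "carol", "dave", "erin"])]
)

if __name__ == "__main__":
    mon, results = replay(EVENTS)
    print(results, sorted(mon.locked), sorted(mon.flagged_sources))
```

In the sample, the second source never trips any single account's lockout because it makes one attempt per account; only the per-source count surfaces it.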