P2020-ND-150

On or around August 27, 2019, the Organization discovered that unauthorized spam messages containing malicious links had been sent internally from the email accounts of certain financial advisors. The Organization immediately investigated and confirmed that between August 26, 2019 and September 30, 2019, the email accounts of eighteen (18) advisors were compromised because of a phishing campaign, which led to these advisors divulging their user credentials to malicious websites. The Organization reported that there is evidence that the credentials may have been used to access the contents of these mailboxes, which contained personal information belonging to clients. The Organization?s dark net scan did not find evidence to suggest any misuse of the information.