LPL Financial Reports Cybersecurity Breach Affecting 1,581 Clients
LPL Financial disclosed a cybersecurity incident that led to unauthorized securities transactions and financial transfers in some client accounts. The breach, which occurred on November 10, 2025, was discovered 10 days later and reported to Maine’s Attorney General.
The attack stemmed from malware distributed via phishing messages, compromising a limited number of financial advisors’ devices and granting unauthorized access to LPL’s web-based advisor portal. While the firm found no direct evidence that sensitive client data was accessed, it could not rule out the possibility. A total of 1,581 clients were affected, including two in Maine.
Upon discovery, LPL halted the unauthorized activity, secured affected accounts, and restored impacted accounts to their original financial positions. The firm also contacted law enforcement, conducted an internal investigation, and implemented new technical safeguards to strengthen security. No ongoing compromise was detected. Affected clients were offered two years of complimentary Experian credit monitoring.
This incident follows a separate October 2025 breach at LPL, where foreign threat actors exploited advisor accounts in a "hack pump-and-dump" scheme to manipulate stock prices. LPL is among several financial firms including Cetera Financial, Ameriprise, Hightower Advisors, and Edelman Financial Engines targeted by cybercriminals in recent months. The ShinyHunters extortion group, linked to breaches at Ameriprise and Mercer Advisors, has been a recurring threat in these attacks. Many of these incidents have been exposed through class action lawsuits alleging inadequate data protection.
Source: https://www.wealthmanagement.com/financial-cybersecurity/lpl-financial-reports-cybersecurity-breach
Ameriprise Financial Services, LLC cybersecurity rating report: https://www.rankiteo.com/company/ameriprise-financial-services-llc
Hightower Advisors cybersecurity rating report: https://www.rankiteo.com/company/hightoweradvisors
LPL Financial cybersecurity rating report: https://www.rankiteo.com/company/lpl-financial
Edelman Financial Engines cybersecurity rating report: https://www.rankiteo.com/company/edelman-financial-engines
"id": "AMEHIGLPLEDE1777062318",
"linkid": "ameriprise-financial-services-llc, hightoweradvisors, lpl-financial, edelman-financial-engines",
"type": "Cyber Attack",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1581',
'industry': 'Investment and Wealth Management',
'location': 'United States',
'name': 'LPL Financial',
'type': 'Financial Services'}],
'attack_vector': 'Phishing (Malware)',
'customer_advisories': 'Affected clients offered two years of complimentary '
'Experian credit monitoring',
'data_breach': {'number_of_records_exposed': '1581',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (financial and personal data)',
'type_of_data_compromised': 'Client account information '
'(possibility of sensitive data)'},
'date_detected': '2025-11-20',
'description': 'LPL Financial disclosed a cybersecurity incident that led to '
'unauthorized securities transactions and financial transfers '
'in some client accounts. The breach stemmed from malware '
'distributed via phishing messages, compromising a limited '
'number of financial advisors’ devices and granting '
'unauthorized access to LPL’s web-based advisor portal.',
'impact': {'data_compromised': 'Possibility of sensitive client data access '
'(not confirmed)',
'financial_loss': 'Unauthorized securities transactions and '
'financial transfers',
'identity_theft_risk': 'High (credit monitoring offered)',
'legal_liabilities': 'Class action lawsuits alleging inadequate '
'data protection',
'operational_impact': 'Halted unauthorized activity, secured '
'affected accounts, and restored impacted '
'accounts',
'systems_affected': 'Web-based advisor portal'},
'initial_access_broker': {'entry_point': 'Phishing messages',
'high_value_targets': "Financial advisors' devices"},
'investigation_status': 'Completed (no ongoing compromise detected)',
'motivation': 'Unauthorized financial transactions',
'post_incident_analysis': {'corrective_actions': 'New technical safeguards '
'implemented',
'root_causes': 'Malware distributed via phishing, '
'compromised advisor devices'},
'references': [{'source': 'Maine’s Attorney General'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuits',
'regulatory_notifications': 'Reported to Maine’s '
'Attorney General'},
'response': {'communication_strategy': 'Notified affected clients, offered '
'credit monitoring',
'containment_measures': 'Halted unauthorized activity, secured '
'affected accounts',
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': 'Restored impacted accounts to original '
'financial positions, implemented new '
'technical safeguards'},
'title': 'LPL Financial Cybersecurity Breach Affecting 1,581 Clients',
'type': 'Cybersecurity Breach',
'vulnerability_exploited': "Compromised financial advisors' devices"}