Cybersecurity Breaches Target Financial Advisors in Recent Months
Financial advisory firms have faced a surge in cyberattacks, with three major incidents reported in late 2023, exposing client data and enabling fraudulent trading schemes.
LPL Financial Breach (September–October 2023)
LPL Financial, the largest U.S. broker-dealer with 32,000 advisors, disclosed a breach on December 26, affecting 53 individuals, including one Maine resident. The company revealed that foreign threat actors compromised advisor accounts to execute a "hack pump-and-dump" scheme, artificially inflating stock prices through unauthorized transactions. LPL contained the incident and reported no ongoing issues, though law enforcement was notified.
Ameriprise Financial Phishing Attack (December 2023)
Ameriprise Financial, with over 10,000 advisors, reported a breach on December 30 after a phishing email tricked an advisor into exposing client data. The fraudulent email, disguised as a legitimate client communication, may have impacted 598 individuals, including 52 in Maine. While no evidence of data misuse was found, Ameriprise offered credit monitoring and emphasized its security measures, including an online security guarantee.
Ashton Thomas Private Wealth Breach (May–September 2023)
Scottsdale-based Ashton Thomas Private Wealth, managing $1.7 billion in assets, notified clients of a breach affecting 1,644 individuals, including three in Maine. Unusual activity in firm email accounts exposed sensitive data, such as children’s names, addresses, birthdates, and Social Security numbers. The firm hired forensic experts and offered credit monitoring to affected clients.
All three firms reported bolstering security measures following the incidents. The breaches highlight the growing threat of cyberattacks targeting financial advisors and their clients.
Source: https://www.advisorhub.com/lpl-ameriprise-ashton-thomas-report-data-breaches-to-maine-regulators/
Ashton Thomas Private Wealth cybersecurity rating report: https://www.rankiteo.com/company/ashton-thomas-private-wealth
LPL Financial cybersecurity rating report: https://www.rankiteo.com/company/lpl-financial
"id": "ASHLPL1768395244",
"linkid": "ashton-thomas-private-wealth, lpl-financial",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '53',
'industry': 'Financial Services',
'location': 'San Diego, California, USA',
'name': 'LPL Financial',
'size': '32,000 advisors',
'type': 'Broker-Dealer'},
{'customers_affected': '598',
'industry': 'Financial Services',
'name': 'Ameriprise Financial',
'size': '10,000+ advisors',
'type': 'Financial Services Firm'},
{'customers_affected': '1,644',
'industry': 'Financial Services',
'location': 'Scottsdale, Arizona, USA',
'name': 'Ashton Thomas Private Wealth',
'size': '$1.7 billion in assets under management',
'type': 'Hybrid Broker-Dealer and RIA'}],
'attack_vector': ['Compromised Online Accounts',
'Phishing Email',
'Unauthorized Email Access'],
'customer_advisories': 'Notification letters sent to affected clients (All '
'Firms)',
'data_breach': {'number_of_records_exposed': '53 (LPL), 598 (Ameriprise), '
'1,644 (Ashton Thomas)',
'personally_identifiable_information': 'Yes (Names, '
'Addresses, DOBs, SSNs '
'- Ashton Thomas)',
'sensitivity_of_data': 'High (SSNs, DOBs, Addresses - Ashton '
'Thomas)',
'type_of_data_compromised': ['Personal Information',
"Children's PII (Ashton "
'Thomas)']},
'date_publicly_disclosed': '2023-12-26 (LPL), 2023-12-30 (Ameriprise), '
'2023-10 (Ashton Thomas)',
'description': 'Financial advisors at multiple firms were targeted by cyber '
'criminals, leading to data breaches involving unauthorized '
'access, phishing scams, and potential exposure of personal '
'information. The incidents involved hacking schemes, phishing '
'attacks, and unauthorized access to email accounts.',
'impact': {'data_compromised': "Personal Information, Client Data, Children's "
'PII (Ashton Thomas)',
'downtime': 'No disruption in service (Ameriprise)',
'identity_theft_risk': 'High (Ashton Thomas - SSNs exposed)',
'systems_affected': ['Advisor Online Accounts (LPL)',
'Advisor Email Accounts (Ameriprise, Ashton '
'Thomas)']},
'initial_access_broker': {'entry_point': 'Online Advisor Accounts (LPL), '
'Phishing Email (Ameriprise), Email '
'Accounts (Ashton Thomas)'},
'investigation_status': 'Ongoing (LPL), Contained (Ameriprise, Ashton Thomas)',
'motivation': ['Financial Gain (Pump-and-Dump Scheme)', 'Data Theft'],
'post_incident_analysis': {'corrective_actions': ['Bolstered safeguards, Free '
'credit monitoring, '
'Enhanced monitoring '
'(Ameriprise)'],
'root_causes': ['Compromised Advisor Accounts '
'(LPL), Phishing (Ameriprise), '
'Unauthorized Email Access (Ashton '
'Thomas)']},
'references': [{'source': "Maine Attorney General's Office"},
{'source': 'ThinkAdvisor'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
"General's Office (All "
'Firms)'},
'response': {'communication_strategy': 'Client notification letters, '
'Regulatory filings (Maine AG)',
'containment_measures': 'Prompt containment (LPL, Ameriprise), '
'Immediate investigation (Ameriprise)',
'enhanced_monitoring': 'Yes (Ameriprise)',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (LPL)',
'remediation_measures': 'Bolstered safeguards, Free credit '
'monitoring for affected clients',
'third_party_assistance': 'Forensic Experts (Ashton Thomas)'},
'threat_actor': 'Foreign Threat Actors (LPL), Unknown (Ameriprise and Ashton '
'Thomas)',
'title': 'LPL Financial, Ameriprise Financial, and Ashton Thomas Private '
'Wealth Data Breaches',
'type': ['Data Breach', 'Phishing', 'Unauthorized Access']}