The Washington State Office of the Attorney General disclosed a data breach involving LPL Financial LLC, where an unauthorized party gained access to an advisor's email account between **July 26 and July 28, 2021**. The incident, reported on **September 30, 2021**, impacted **992 Washington residents**, exposing highly sensitive personal information. Compromised data included **names, Social Security Numbers (SSNs), financial and banking details, health insurance information, and medical records**. The breach stemmed from a targeted compromise of an employee’s email account, likely through phishing or credential theft, enabling attackers to exfiltrate confidential client data. Given the nature of the exposed information—particularly SSNs and financial records—the incident poses severe risks of **identity theft, financial fraud, and long-term reputational harm** to both the affected individuals and LPL Financial. The breach underscores vulnerabilities in email security protocols and the critical need for robust access controls, especially in sectors handling sensitive client data. While the exact motive (e.g., financial gain, espionage) remains undisclosed, the scale and sensitivity of the leaked data classify this as a high-severity incident with potential regulatory and legal repercussions under data protection laws like **HIPAA (for medical data) and state breach notification statutes**.
TPRM report: https://www.rankiteo.com/company/lpl-financial
"id": "lpl1010090725",
"linkid": "lpl-financial",
"type": "Breach",
"date": "7/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '992',
'industry': 'Wealth Management',
'location': 'USA (Washington residents affected)',
'name': 'LPL Financial LLC',
'type': 'Financial Services'}],
'attack_vector': 'Unauthorized Email Access',
'data_breach': {'data_exfiltration': 'Likely (email access implies potential '
'exfiltration)',
'file_types_exposed': ['Emails', 'Attachments (likely)'],
'number_of_records_exposed': '992',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Financial/Banking '
'Details',
'Health Insurance '
'Information',
'Medical Information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data',
'Health Information']},
'date_detected': '2021-07-28',
'date_publicly_disclosed': '2021-09-30',
'description': 'The Washington State Office of the Attorney General reported '
'a data breach by LPL Financial LLC on September 30, 2021, '
"involving unauthorized access to an advisor's email account "
'from July 26 to July 28, 2021. The breach affected 992 '
'Washington residents, potentially exposing several types of '
'personal information including names, Social Security '
'Numbers, financial and banking information, health insurance '
'information, and medical information.',
'impact': {'data_compromised': ['Names',
'Social Security Numbers',
'Financial and Banking Information',
'Health Insurance Information',
'Medical Information'],
'identity_theft_risk': 'High (PII exposed)',
'payment_information_risk': 'High (Financial/Banking Information '
'exposed)',
'systems_affected': ["Advisor's Email Account"]},
'initial_access_broker': {'entry_point': "Advisor's Email Account",
'high_value_targets': ['Client PII',
'Financial Data']},
'references': [{'date_accessed': '2021-09-30',
'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington State '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Attorney General'},
'title': 'LPL Financial LLC Data Breach (2021)',
'type': 'Data Breach'}