A data protection breach at Scalable Capital resulted in the theft of sensitive information, including the identification, tax, and account information of about 20,000 clients.
A letter that stated there had been an unauthorized access to private client information in its document archive was used to notify the impacted clients of the issue.
The company claimed that during the incident, access was made to contact information, securities accounts, tax identity numbers, accounts with other banks, and ID details.
Since there is no externally exploitable security hole in its system, the robo-adviser believes the leak was caused by extensive insider knowledge.
Source: https://international-adviser.com/robo-advice-firm-suffers-data-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/scalable-capital
"id": "sca0408523",
"linkid": "scalable-capital",
"type": "Breach",
"date": "10/2020",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 20000,
'industry': 'Financial Services',
'name': 'Scalable Capital',
'type': 'Company'}],
'attack_vector': 'Insider Threat',
'customer_advisories': 'Notified affected clients via letter',
'data_breach': {'number_of_records_exposed': 20000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Identification information',
'Tax information',
'Account information',
'Contact information',
'Securities accounts',
'Tax identity numbers',
'Accounts with other banks',
'ID details']},
'description': 'A data protection breach at Scalable Capital resulted in the '
'theft of sensitive information, including the identification, '
'tax, and account information of about 20,000 clients. '
'Affected clients were notified via a letter stating there had '
'been unauthorized access to private client information in its '
'document archive. The company claims that access was made to '
'contact information, securities accounts, tax identity '
'numbers, accounts with other banks, and ID details. The '
'robo-adviser believes the leak was caused by extensive '
'insider knowledge.',
'impact': {'data_compromised': ['Identification information',
'Tax information',
'Account information',
'Contact information',
'Securities accounts',
'Tax identity numbers',
'Accounts with other banks',
'ID details']},
'post_incident_analysis': {'root_causes': 'Extensive insider knowledge'},
'response': {'communication_strategy': 'Notified affected clients via letter'},
'threat_actor': 'Insider',
'title': 'Data Protection Breach at Scalable Capital',
'type': 'Data Breach'}