Data breach incident has been contained, says InvestorCOM

Wealth tech provider working with impacted clients following immediate forensic investigation

Amid revelations of a cybersecurity breach at a third-party software provider that impacted itself and several of its clients, InvestorCOM has confirmed it is exerting efforts to contain the incident.

“Upon discovering this incident, we immediately engaged a team of external cybersecurity experts to conduct a forensic investigation and take the necessary steps to address the issue,” David Reeve, CEO of InvestorCOM, said in a statement. “Our systems are secure and have at all times remained operational and we continue to offer services to our clients.”

The breach, which was initially covered on Monday by The Logic, was a hack into the systems of Minnesota-based Fortra LLC.

A blog post from the company explained how, on January 30, it became aware of suspicious activity within certain instances of its GoAnywhere managed file transfer service, which it provides as a third-party secure data transfer solution.

The subsequent investigation revealed an unauthorized party had used a zero-day remote code execution vulnerability to access certain GoAnywhere customers’ systems. The vulnerability was used to create unauthorized user accounts in some of the GoAnywhere solutions’ customer environments.

“For a subset of these customers, the unauthorized party leveraged these user accounts to download files from their hosted [GoAnywhere solution] environments,” Fortra said. “As the investigation unfolded, we were made aware the same [vulnerability] was used against a small number of on-premise implementations running a specific configuration of the GoAnywhere MFT solution.”

The breach has impacted organizations other than InvestorCOM, including Procter and Gamble, Rubrik, and the city of Toronto.

“We have confirmed that the incident did not have an impact on our own systems other than the SFTP system which hosted the GoAnywhere application,” Reeve said, noting that the incident has been contained.

From its investigation, InvestorCOM determined some information related to a small number of its clients was affected. “We have notified all impacted clients and are working closely with them,” Reeve said.

Preliminary reports on the breach confirmed clients at Mackenzie Investments were affected. Publicized statements from the firm indicate that it immediately took steps to launch a forensic investigation, and discovered some personal information of current and former investors was compromised; no financial information, such as client holdings and account balances, was exposed.

Other companies, including Edward Jones and Franklin Templeton Canada, have reportedly been affected and are likewise taking steps to better protect clients’ information.

WP was unable to identify other firms that have been impacted as of press time.

WP also reached out to New SRO for comment on the incident. “We are aware of the data breach of some investment product manufacturers, which New SRO does not regulate, whose products were distributed through our dealer members,” a spokesperson said in an emailed statement. “Right now we’re focused on understanding the scope of the potential impact to clients of our member firms.”

In its Compliance Priorities Report for 2022/2023 issued in March, New SRO highlighted cybersecurity risk as a top priority for its member firms. To help its members stay compliant, the organization offers a free cybersecurity self-assessment tool originally published in 2022, which is now also available for mutual fund dealers, upon request.

“We sincerely apologize for any inconvenience or concern this incident may have caused,” Reeve said. “We are dedicated to maintaining the highest levels of security and privacy.”