Breach Notification , Fraud Management & Cybercrime , Incident & Breach Response
SEI Investments: Vendor Hit by Ransomware, Data Leaked
Vendor M.J. Brunner Confirms a Mid-May Cyber IncidentFund administrator SEI Investments Co. acknowledged Monday that it suffered a data breach after one of its vendors was struck with a ransomware attack, resulting in some of its customers’ data being made public by the malicious actors.
See Also: The Expert Guide to Mitigating Ransomware & Extortion Attacks
An SEI spokesperson tells Information Security Media Group that on May 17, the vendor, M.J. Brunner, was hit with ransomware, leading to the data leak.
"We are aware that certain data has been illegally revealed by cybercriminal(s),” the SEI spokesperson says. “We take our clients’ security very seriously, and we are working with Brunner, the FBI and our impacted clients to understand the extent to which SEI’s or our clients’ data has been exposed."
A representative of M.J. Brunner confirmed the incident.
"Brunner can confirm that in the middle of May, our IT staff detected, and interrupted, a security incident involving some of our corporate systems by an unauthorized actor," the representative tells ISMG.
M.J. Brunner responded to the attack by taking several systems offline, the representative says. It also notified the FBI.
The company believes it has contained the situation, he adds. "It should be noted that we have no evidence that any production systems that we maintain on behalf of our clients were compromised, as they are all on separate domains and network infrastructure.”
Pittsburgh-based M.J. Brunner bills itself on its website as an "integrated marketing agency specializing in cross-channel marketing and award-winning creative solutions backed by data.”
SEI: Systems Not Breached
The SEI spokesperson tells ISMG: "We can confirm that the root cause of the attack was not predicated on vulnerability within SEI’s network, and neither our clients’ nor SEI’s network were compromised or attacked as part of this incident,"
The Wall Street Journal reports the ransomware attack on SEI’s vendor resulted in about 100 SEI clients having their data exposed, with the hackers gaining access to user names, emails and in certain cases names, physical addresses as well as contact information associated with SEI’s dashboard.
Angelo Gordon & Co., Graham Capital Management, Fortress Investment Group LLC, Centerbridge Partners and Pacific Investment Management Co. are among the funds administered by SEI Investments that were impacted by the ransomware attack, the Wall Street Journal reports.
Third-Party Risks
Third-party vendors can add certain cybersecurity risks, which must be managed, Tim Wade, technical director for the CTO team at security firm Vectra tells ISMG.
"Managing these risks is critical, and it is imperative that organizations move their supplier security evaluation programs beyond strict compliance objectives and start to really plumb the depths of the actual security practices of these suppliers by verifying functional information and product security programs, evidence of ongoing vulnerability remediation, and the presence of proactive security practices," Wade says.
String of Ransomware Attacks
On July 10, The Office of Compliance Inspections and Examinations warned of an increase in ransomware attacks on SEC-registered entities such as broker-dealers, investment advisers and investment companies. The report advised these entities to inform their third-party service providers who maintain client assets about the increasing risk of ransomware attacks and monitor cybersecurity alerts from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
In March, the London-based financial services company Finastra suffered a ransomware attack that compelled the company to take its IT operations offline to limit further damage to its corporate network (see: Fintech Firm Finastra Recovering From Ransomware Attack).