​Equity Concepts Breached by an Unknown Hacker; Sensitive Data Probably Stolen

At a Glance

Equity Concepts, on its website, announced about a security incident involving its clients’ email accounts. The security incident was a result of an unauthorized individual gaining access to some of its employees’ email accounts.

The Big Picture

Equity Concepts discovered a security incident involving some of its clients’ email accounts on September 11, 2018. Upon discovery, Equity Concepts carried out the investigation, secured the email accounts and retained a leading forensics and security firm to help them with the investigation. The investigation revealed that an individual gained unauthorized access to some of Equity Concepts’ employees’ email account and may have downloaded the contents of the employees’ email accounts.

In the notice, Equity Concepts revealed,

• On November 1, 2018, after thorough investigations and review of the contents of the email accounts, they determined that the probable information stolen included client information such as names, contact details, financial account numbers, medical details, and in some cases the social security numbers.
• Their internal network and client file systems were not accessed as they are distinct from our email systems.
• The company have begun notifying our clients about the incident from November 29, 2018 onwards, via first class mail.
• They are offering individuals whose Social Security Numbers may have been accessed with one-year complimentary credit monitoring and identity theft protection services.

What are the preventive measures taken?

• Equity Concepts has enhanced their security measures which include mandating their employees to use two-factor authentication when accessing their email accounts from outside their office.
• The company is requesting their clients to review their account statements for any unauthorized activity and report such activity to Equity Concepts, even though there is no evidence that the sensitive information in the email is compromised / misused.
• The company will also be conducting training and educational programmes on email security for their employees.

Equity Concepts also wrote in the notice posted on their website, that they have established a dedicated call center for answering all the questions from their clients.