HackTalk, a long-running monthly podcast with Horsesmouth Editor-in-Chief Sean Bailey and Associate Editor Devin Kropp, co-authors of Hack-Proof Your Life Now!, covers the latest cybersecurity threats and issues advisors need to know to protect themselves and their clients. Here are highlights from a recent HackTalk conversation.
Key takeaways
- The National Public Data Company suffered a massive data breach affecting nearly three billion records.
- Most people are likely affected at some level by this breach.
- The breach compromised sensitive personal information including names, addresses, Social Security numbers, and historical data, all of it data that is commonly used for identity authentication in financial transactions.
- Financial advisors need to reassess and update their security protocols for client accounts.
- Clients should be encouraged to freeze their credit reports and implement two-factor authentication on all financial accounts.
- Regular monitoring of credit reports is crucial, even for those with frozen credit.
- The breach highlights vulnerabilities even among companies specializing in data management.
- Advisors should operate under the assumption that their clients’ sensitive information is already compromised.
- This breach presents an opportunity for financial advisors to demonstrate their value by guiding clients through enhanced security measures.
A recent data breach at a firm called the National Public Data Company emphasizes the need for advisors to implement data-protection measures in their own work, and to ensure clients do the same.
With nearly three billion records compromised, this breach stands as one of the most significant in recent history, affecting countless individuals and posing unique challenges for financial advisors and their clients.
“Yet another data breach we hear in the news, and unfortunately this one is pretty massive,” says Kropp.
The scale and scope of the breach
The National Public Data Company, a little-known but pivotal player in the background check industry, suffered a breach that began in December 2023. The actual data leakage didn’t begin until April 2024, however, and it then continued undetected for almost six months before being exposed through a class-action lawsuit.
The compromised data is extensive and deeply personal. It includes names, addresses, phone numbers, email addresses, Social Security numbers and dates of birth. Perhaps more alarmingly, it also contains alternative names and old addresses, information that credit report companies may use when authenticating your identity over the telephone.
The pervasive nature of this breach cannot be overstated. “Most people are affected at some level from this breach,” Devin says.
For financial advisors, this breach represents more than just another cybersecurity incident. It strikes at the heart of how we verify identities and secure accounts. The comprehensive nature of the leaked data potentially undermines common security measures used across the financial sector.
Devin: “We have to all operate under the assumption that our data has been compromised more than once, and nobody else is going to protect us from these hacks and breaches and what the criminals then do with this information.”
Action plan for financial advisors
In light of this breach, financial advisors must take immediate and ongoing actions to protect their clients:
- Client notification: Inform your clients about the breach and its potential implications.
- Security protocol review: Reassess and update security measures for client accounts.
- Enhanced authentication: Implement stronger, multi-factor authentication methods that don’t rely solely on personal information.
- Regular security audits: Conduct frequent reviews of client accounts for any suspicious activity.
- Client education: Provide guidance on proactive cybersecurity measures.
Protecting your clients
Advisors should recommend the following steps to their clients:
- Credit freezes: Encourage clients to freeze their credit reports to prevent unauthorized access.
- Two-factor authentication: Insist on its use for all financial accounts.
- Transaction alerts: Set up notifications for any account activity.
- Credit monitoring: Advise regular checks of credit reports.
Devin: “If you haven’t taken action, you need to do so by freezing your credit, by having those text alerts or any kind of bank or credit card, you have to make sure that nothing’s going on, having two-factor authentication on your accounts. … You are entitled to one free credit report from each credit bureau each year, and I would recommend just monitoring those, even if your credit is frozen.”
Kropp expresses skepticism about rapid regulatory changes that would protect people from data breaches: “While we hear, when breaches like this happen, we hear from experts and lawmakers that we need stronger regulations on cybersecurity and we need better data practices and blah, blah, blah. We know that not much has happened in that space.”
The breach also highlights the vulnerabilities even within companies specializing in data management, she says.
Devin: “A sister company of National Public Data inadvertently published passwords to its backend database in a file that was available to anyone on their homepage.” This lapse underscores the need for vigilance at all levels, she says.
Looking ahead
As the financial industry grapples with the fallout from this breach, it’s clear that cybersecurity must be at the forefront of every advisor’s mind.
Sean: “As we’ve been saying for quite a number of years now, you need to operate on the assumption that your most sensitive information, such as your Social Security number, is already out there, so you’re acting to prevent that information being abused more than anything else since it’s already been taken.”
Financial advisors play a crucial role in not just managing assets, but also in safeguarding their clients’ financial identities. By staying informed, implementing robust security measures, and educating clients, advisors can help mitigate the risks posed by this and future breaches.
The National Public Data Company breach presents an opportunity for financial advisors to demonstrate their value by guiding clients through these turbulent digital waters. By taking proactive steps and staying ahead of cybersecurity trends, advisors can protect their clients’ financial well-being and strengthen their trust relationships in an increasingly volatile digital landscape.
Cybersecurity 101: Protecting college students in the digital age
As financial advisors, your role in safeguarding your clients’ assets extends to their families, including college-bound children. With the increasing digitization of higher education, cybersecurity has become a crucial yet often overlooked aspect of the college experience.
Devin: “A lot of college students are going to campus for the first time this year, and that comes with a lot of new responsibilities and one overlooked area: Cybersecurity.”
The digital campus
Today’s college experience is deeply intertwined with technology.
Devin: “So much of our information and the college experience is online, people are accessing online textbooks and syllabi online and doing coursework online, and so much of the college experience is built into this kind of digital lifestyle.”
This digital immersion presents unique cybersecurity challenges that students and their families need to address.
Key cybersecurity measures for college students
- Phishing awareness: Educate students about the dangers of phishing emails. Kropp mentions, “A lot of universities will do, like phishing kind of tests out to students and staff.” Encourage students to participate in these tests and stay vigilant.
- Password security: Stress the importance of strong, unique passwords, especially for accounts containing sensitive information like financial aid details.
- Two-factor authentication: As Kropp advises, “Implementing two-factor authentication on those accounts” is crucial for adding an extra layer of security.
- Regular backups: “Backing up their data, that’s something that is important from a cybersecurity perspective,” Kropp states. This protects against data loss from both technical failures and potential cyberattacks.
- VPN usage: “Some colleges and universities will have a VPN, so making sure they understand what that means and how to use it,” Kropp suggests. For schools that don’t provide VPNs, consider recommending a reliable option.
- Public Wi-Fi awareness: Teach students the risks of using public Wi-Fi and how to distinguish between secure and unsecured connections.
Advisor action plan
As a financial advisor, consider these steps to help protect your clients’ college-bound children:
- Include cybersecurity discussions in your client meetings, especially when planning for college expenses.
- Provide a cybersecurity checklist for college students as part of your service offering.
- Offer to review and advise on cybersecurity measures for students’ financial accounts, including scholarship and financial aid portals.
- Stay informed about the latest cybersecurity threats targeting students and share this information with your clients.
By addressing these cybersecurity concerns, you’re not only protecting your clients’ children but also demonstrating the comprehensive value you provide as a financial advisor.