Cyber Incident Victim: Ingalls & Snyder, LLC

On October 31, 2022, Ingalls & Snyder, LLC detected a network security incident impacting part of its computer network. The New York-based investment advisor and broker-dealer immediately secured its network and engaged external cybersecurity specialists to investigate the breach scope and origin. By November 3, 2022, investigators confirmed unauthorized parties had bypassed the company's data security systems and accessed sensitive client information stored on the network. The compromised data included first and last names, Social Security numbers, Ingalls & Snyder account numbers, external bank account details, dates of birth, and driver's license photographs. Following this confirmation, the firm conducted a comprehensive review of affected files to identify impacted individuals and specific data elements exposed in each case. The breach notification filed with the Vermont Attorney General on November 23, 2022, indicated that the attacker accessed varying combinations of personal and financial identifiers across different clients.

Ingalls & Snyder mailed individualized data breach letters to affected clients on November 23, 2022, detailing the compromised information specific to each recipient and providing guidance on fraud prevention measures. The incident exposed clients to heightened risks of identity theft and financial fraud due to the nature of the stolen data. Founded in 1924, the firm manages approximately $8 billion in assets and serves both private clients and institutional investors through its 69 employees. No technical details regarding the attack vector, duration of unauthorized access, or total number of affected individuals were disclosed in the Vermont filing. The company's $17 million annual revenue operation faced reputational scrutiny following the breach, with legal commentators noting potential financial liability for harms stemming from preventable security failures.