Cyber Incident Victim: Financial Dimensions Group
Date:
Jun 2022
Location:
United States of America
Summary
A financial services firm experienced a data breach when an unauthorized party accessed an employee's email account, compromising sensitive client information including names, addresses, dates of birth, driver's license numbers, financial account details, and Social Security numbers. The breach notification and investigation were handled by Royal Alliance, the securities registration entity for the affected organization's advisors, which secured its email systems and confirmed the scope of exposed data. Impacted individuals received notifications detailing the incident's effects on their personal information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 1, 2022, Royal Alliance was notified by Financial Dimensions Group, Inc. (FDG) of a data security incident involving unauthorized access to an organizational email account belonging to an FDG employee. Royal Alliance, which registers FDG employees to sell securities and provide investment advice, immediately secured its email environment following the notification. The firm initiated an internal investigation to assess the scope and nature of the breach, confirming that an unauthorized third party had compromised the employee’s email account. The investigation revealed that emails and attachments within the account contained sensitive client information, though the specific timeframe of unauthorized access was not disclosed. Royal Alliance subsequently reviewed the affected files to identify the types of compromised data and the individuals impacted. The exposed information varied by client but included names, addresses, dates of birth, driver’s license numbers, financial account numbers, Social Security numbers, and other account-related details. On October 13, 2022, Royal Alliance filed a notice of the breach with the Montana Attorney General and mailed data breach letters to all affected clients. These letters explained the incident’s occurrence, the categories of exposed data, and steps clients could take to protect themselves from identity theft and fraud. The breach did not involve direct compromise of Royal Alliance’s systems but stemmed from the intrusion into FDG’s email account.
Financial Dimensions Group, Inc., a Minnesota-based financial firm with offices in Arden Hills, Little Canada, Maple Grove, and New Brighton, provides tax management, investment advisory, retirement planning, estate conservation, and insurance services. The company employs over 20 financial advisors and generates approximately $20 million in annual revenue. While FDG operates independently of Royal Alliance, its advisors rely on Royal Alliance’s registration to conduct securities transactions and offer financial advice. The breach exposed highly sensitive personal and financial data of FDG clients, creating risks of identity theft, financial fraud, and unauthorized account access. Royal Alliance managed the breach response and notifications due to its regulatory role, though the incident originated within FDG’s email infrastructure. No additional attacker methodologies, motives, or containment measures beyond securing the email environment were disclosed in the Montana filing. The breach letters marked the conclusion of Royal Alliance’s review process, with no further remediation steps or system upgrades detailed in the available report.