Cyber Incident Victim: Retirement Clearinghouse
Date: Mar 2023
Location: United States of America
Summary
A cybersecurity incident at Retirement Clearinghouse involved unauthorized access to an employee email account, compromising sensitive consumer information. The breach exposed names, Matrix Trust Company IRA account numbers, and Social Security numbers for 10,509 individuals. Following an investigation confirming the exposure, impacted parties were notified. The organization, which facilitates retirement account transfers, secured the affected account and coordinated data breach notifications to those affected by the unauthorized data access.
Description
On March 15, 2023, Retirement Clearinghouse detected suspicious activity within an employee email account, prompting immediate action to secure the compromised account and initiate an internal investigation. The Charlotte-based fintech company, specializing in IRA account transfers, conducted this investigation to determine the nature and scope of the unauthorized access and whether consumer data had been exposed. By March 28, 2023, the investigation confirmed that certain emails and attachments containing confidential consumer information had been accessible to an unauthorized party during the intrusion. Retirement Clearinghouse then launched a comprehensive review of the affected files to identify exactly which individuals were impacted and what specific data elements were compromised. This review process concluded on May 3, 2023, establishing that 10,509 individuals had their sensitive information exposed through the breach. The company subsequently filed a formal notice of the data breach with the Maine Attorney General on May 12, 2023, and on that same date began mailing individualized notification letters to all affected parties. No evidence suggested broader system compromise beyond the single email account infiltration that served as the entry point for the incident.

The breach exposed personally identifiable information including affected individuals' full names, Social Security numbers, and Matrix Trust Company IRA account numbers – a particularly dangerous combination of data elements for identity theft and financial fraud. Social Security numbers represented the most critically sensitive category of information exposed, as they provide persistent identifiers that criminals can exploit to open fraudulent accounts or compromise existing financial relationships. Retirement Clearinghouse's core business operations involve transferring retirement savings accounts between financial institutions, necessitating its access to such highly sensitive customer information provided by partner organizations. Founded in 2001 as RolloverSystems, the company handles consolidation of retirement accounts to prevent premature 401(k) withdrawals while generating approximately $20 million in annual revenue through these transfer services. Though the breach notification did not specify technical details about the attacker's methods or potential exploitation of stolen data before detection, contemporaneous security reviews indicated no evidence of continued unauthorized access after the March 15 account lockdown. Impacted consumers received guidance through notification letters about potential risks stemming from the exposure of their financial identifiers and government-issued identification numbers.
