Menu
Browse

Cyber Incident Victim: Northern Trust Corporation

Date:

Aug 2022

Location:

United States of America

Summary

Northern Trust Corporation experienced a data breach involving unauthorized access to its network, compromising customer names and account numbers but not Social Security numbers. The incident impacted approximately 129 individuals in Massachusetts, prompting breach notifications and offers of free credit monitoring to affected parties. The financial services firm, operating across multiple U.S. states and international locations, reported the event to Massachusetts authorities without disclosing specific timing details regarding the breach occurrence or discovery.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On August 30, 2022, Northern Trust Corporation publicly confirmed a data breach involving unauthorized access to its computer network, which compromised sensitive consumer information. The breach resulted in the exposure of affected individuals' names and account numbers, though available evidence indicated Social Security numbers were not compromised. Northern Trust issued formal data breach notification letters to impacted parties on the same date as its public disclosure, advising recipients on protective measures against identity theft and fraud. The company reported the incident to the Office of the Attorney General of Massachusetts, where it identified approximately 129 affected residents. While the breach notification confirmed system intrusion and data exposure, Northern Trust did not disclose the timeline of the breach occurrence or its discovery in the available filing. The company offered free credit monitoring services to victims, consistent with common corporate responses to data exposure incidents.

Cyber Incident Image

As a Chicago-based financial services firm founded in 1889, Northern Trust operates across 19 U.S. states, Washington D.C., and 19 international jurisdictions, providing wealth management and investment services. The corporation employs over 21,100 personnel and generates approximately $6 billion in annual revenue as a NASDAQ-listed entity (ticker: NTRS). The breach notification mechanism specifically referenced Massachusetts residents due to state reporting requirements, leaving the total global impact undisclosed in available sources. No technical details regarding the attack vector, containment measures, or system vulnerabilities were provided in the Attorney General filing or subsequent public disclosure. The compromised data type—account numbers—created potential fraud risks requiring affected customers to monitor financial accounts, though the company did not report evidence of actual misuse at the time of notification.

Sources
Sources available to members
1 source