Cyber Incident Victim: Wealth Enhancement Group

On or around April 28, 2023, Wealth Enhancement Group determined that a recent security incident constituted a cyberattack that may have compromised confidential information. The discovery of the incident occurred prior to this date when the company learned that an unauthorized party had gained access to a standalone server located in one of the firm's advisor team offices. The specific date of the initial unauthorized access was not disclosed. In immediate response to discovering the breach, Wealth Enhancement Group secured its affected system and terminated all unauthorized access to prevent further data exfiltration. The company then launched a comprehensive internal investigation to understand the full scope and impact of the intrusion.

The investigation confirmed that the cyberattack resulted in the unauthorized access of sensitive consumer information that was stored on the compromised server. The data exposed in the breach varied from individual to individual but included a combination of highly sensitive personal and financial details. The categories of information accessible to the unauthorized party included consumers' full names, Social Security numbers, addresses, dates of birth, and phone numbers. Additionally, email addresses, driver's license numbers, state identification numbers, and financial account numbers were also compromised. The presence of Social Security numbers and financial account information significantly elevated the potential risks associated with the data breach for the affected individuals.

Following the completion of its investigation, Wealth Enhancement Group undertook a review of the compromised files to identify precisely which consumers were impacted and what specific information of theirs was leaked. This process was necessary to provide accurate and detailed notifications to all affected parties. On June 28, 2023, Wealth Enhancement Group formally filed a notice of data breach with the Attorney General of Montana, publicly disclosing the incident. Concurrently, the company began sending out individualized data breach notification letters to all persons whose information was affected by the recent data security incident. These letters were intended to inform victims of the breach and provide them with a list of which of their specific information types were compromised.

Wealth Enhancement Group is an independent wealth management firm that was founded in 1997 and is headquartered in Plymouth, Minnesota. The company provides customized financial planning and investment management services to its client base. It operates from 75 branch offices distributed across 21 states and employs more than 1,000 people. The firm generates approximately $515 million in annual revenue. The nature of its business involves the handling and storage of substantial amounts of sensitive client financial data, which was the target of this attack. The breach impacted a standalone server within a specific advisor team office, though the total number of affected individuals was not specified in the available information. The incident highlights the risks associated with unauthorized access to systems containing personal identifiable information and financial data, which can be used for identity theft and various forms of financial fraud. The company's response included securing the system, terminating access, investigating the incident, and notifying affected consumers and government authorities as required by law.