Cyber Incident Victim: Aria Retirement Solutions
Date:
Sep 2021
Location:
United States of America
Summary
A cybersecurity incident impacted RetireOne's platform provider when an unauthorized party accessed an employee email account, compromising sensitive consumer data including names, Social Security numbers, driver’s license numbers, dates of birth, and financial account information. The company detected suspicious email activity and launched an investigation confirming the breach, though it could not identify specific accessed emails or attachments. Notification letters were sent to affected individuals detailing the compromised information and potential risks. The breach stemmed from unauthorized email account access, with phishing highlighted as a common attack vector for such incidents, though the specific intrusion method was not disclosed by the organization.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 29, 2022, RetireOne, Inc., a fee-based insurance platform operated by Aria Retirement Solutions, Inc., announced a data breach stemming from unauthorized access to an employee email account. The incident began when Aria detected suspicious activity in the email account around September 1, 2021, prompting an internal investigation. By September 20, 2021, the investigation confirmed that an unauthorized party had infiltrated the account, though the company could not determine which specific emails or attachments the intruder accessed. The compromised email account contained emails and attachments holding sensitive consumer information, including names, Social Security numbers, driver’s license numbers, dates of birth, and financial account details. Aria conducted a review of the affected files to identify the scope of exposed data, which varied by individual. The breach notification letters, distributed on July 29, 2022—nearly 11 months after initial detection—informed affected individuals of the incident and outlined steps to mitigate risks of identity theft and fraud.
Aria Retirement Solutions, a San Francisco-based financial services firm with over 25 employees and approximately $5 million in annual revenue, did not disclose the method by which the attacker gained email access. The company’s notice described the breach as limited to a single employee’s email account but acknowledged the presence of sensitive consumer data within that account. While the article noted that phishing attacks—often involving deceptive emails with malicious links or attachments—accounted for a third of 2021 cyberattacks, Aria did not confirm whether phishing enabled this incident. No further details regarding containment measures, system modifications, or attacker motives were provided in the source material. The breach exposed personally identifiable information and financial data, necessitating consumer vigilance against potential fraud, though no specific fraud incidents or financial losses were directly attributed to the breach in the available information.