Cyber Incident Victim: Succession Wealth
Date:
Feb 2023
Location:
United Kingdom
Summary
A UK-based financial advisory firm experienced a cybersecurity incident, prompting an investigation and notification to relevant authorities. The company, owned by a major insurer, implemented additional security measures as a precaution and directly informed potentially affected clients while assuring them against financial losses resulting from misuse of their personal data. The nature of the attack remains undisclosed, with ongoing efforts to assess and resolve the situation. The firm acknowledged the incident caused concern among clients and apologized, committing to provide further updates when appropriate.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Succession Wealth, a UK-based financial advice firm owned by Aviva since its £385mn acquisition in March 2022, detected a cybersecurity incident on February 8, 2023. The company promptly notified relevant authorities but did not publicly disclose technical details about the attack vector or intrusion methods. An internal investigation commenced immediately, with Succession Wealth implementing additional security measures as a precautionary step while the forensic examination continued. The firm verified evidence confirming unauthorized system access before proactively contacting clients and employees potentially affected by the breach, though the scope of compromised data remained undetermined at initial disclosure. Succession Wealth emphasized client financial protection, pledging to cover any losses resulting from misuse of personal information held on its systems. This commitment extended to safeguarding the assets of approximately six million customers served through Aviva's wealth management channels, including workplace pension holders with £96bn under management and individual clients with £139bn in assets.
The incident occurred during a period of expanded acquisition activity for Succession Wealth, with founder Paul Morrish noting increased approaches from IFA firms following the Aviva integration. While maintaining operations, the company restricted public commentary on the attack's nature, origin, or specific impacted systems, citing the ongoing investigation. Regular updates were promised as the situation developed, with direct communications established to address client concerns. No ransomware claims or threat actor attributions emerged in initial reports, and the company's statements focused exclusively on containment measures rather than operational disruptions. Succession Wealth's response prioritized maintaining advisory services for Aviva's customer base while reinforcing data protection protocols across its infrastructure. The firm concluded its public communications with an apology for client concern and reiterated its commitment to resolving the situation through established investigative channels.