Aperio Group
| Primary URL | Location | Industry | aperiogroup[.]com |
Country
United States of America
|
Financial Services
|
|---|
Profile
Aperio, also known as Aperio Group, is a financial services firm headquartered in the United States of America. The organization provides financial services that involve the management of client accounts, including the handling of account names, numbers, email addresses and balances. Its operations are focused on serving clients who entrust the firm with sensitive financial information. As a financial services provider, Aperio’s core activities revolve around maintaining accurate account records and facilitating transactions on behalf of its clientele. The firm’s service model relies on electronic communication to exchange account details with clients and intermediaries. Aperio routinely uses email to transmit spreadsheet‑based account data as part of its standard business practice. This reliance on email for sharing client information formed a regular component of its operational workflow. The company’s headquarters in the United States situates it within a major market for financial services. Aperio’s service offering is defined by its responsibility to safeguard the account data it processes on behalf of its clients.
On August 21, 2017, Aperio experienced a data breach after two employees fell victim to phishing attacks that enabled attackers to configure unauthorized auto‑forwarding of emails to external accounts. The auto‑forwarding persisted for several months, allowing continuous exfiltration of messages. The compromised information consisted of client account data stored in spreadsheets, specifically including account names, numbers, email addresses and balances. Aperio confirmed that no social security numbers or login credentials were accessed during the incident. Upon discovering the breach, the organization notified law enforcement and began an internal investigation. In response, Aperio implemented enhanced security controls designed to limit the amount of sensitive data transmitted via email. It also strengthened employee training programs to improve awareness of phishing threats. The firm reported that intermediaries had received the exposed account details, but no misuse of the information was identified at the time. Although the total number of affected clients was not publicly disclosed, the breach prompted Aperio to review its data handling procedures. Consequently, the company adopted measures aimed at reducing reliance on unencrypted email for transmitting confidential client information. These actions reflect Aperio’s response to the incident and its ongoing effort to mitigate future risks associated with phishing‑related data exposure.
