Aperio Group

Aperio operates as a financial services firm based in the United States of America. Its core activities involve managing client accounts, evidenced by the sensitive information compromised in a security incident. This included client account names, account numbers, email addresses, and account balances. The firm interacts with intermediaries who also received compromised client account details. Its operations involve handling substantial client financial data, necessitating secure communication protocols.

The organisation experienced a significant data breach in August 2017 stemming from phishing attacks targeting employees. This resulted in unauthorized email forwarding over several months, exposing client information primarily through unprotected email attachments like spreadsheets. While Social Security numbers and login credentials were confirmed as not accessed, the breach revealed vulnerabilities in handling sensitive client data via email. Following discovery, Aperio notified law enforcement, implemented enhanced security measures to restrict sensitive data in emails, and strengthened employee training protocols. Although the total number of affected clients was not publicly disclosed, the firm confirmed no misuse of the exposed information was identified at the time. These actions demonstrate a focus on remediation and improving security posture post-incident.