The world's largest asset manager BlackRock accidentally made personal data of thousands of its clients accessible via links on its website for more than a month.
Those links were connected to three separate spreadsheet documents. Each document includes names, email addresses and assets in the company’s iShares exchange-traded funds (ETF) investment portfolio scheme.
The spreadsheet links were dated to Dec 5, 2018, according to a Bloomberg report, saying that the documents were taken down last Friday after BlackRock was notified of the data leakage incident.
In those documents clients were in different status categories such as "dabblers" and "power users". Their club level status—such as “directors club” or “patriots club” were also indicated in those documents.
A spokesperson told Bloomberg the firm is conducting "a full review of the matter".
"The inadvertent and temporary posting of the information relates to two distribution partners serving independent advisers and does not include any of their underlying client information," the spokesperson continued.
Back in 2014, JP Morgan Chase had the data of 76 million US households and 7 million SMBs stolen from a massive attack.
Such leaked or stolen data could result in clients becoming victims of targeted malware attack, phishing, and scam.