The World’s Largest Asset Manager had Leaked Client Data for More than One Month

Image: flyparade/iStock

The world's largest asset manager BlackRock accidentally made personal data of thousands of its clients accessible via links on its website for more than a month.

Those links were connected to three separate spreadsheet documents. Each document includes names, email addresses and assets in the company’s iShares exchange-traded funds (ETF) investment portfolio scheme.

The spreadsheet links were dated to Dec 5, 2018, according to a Bloomberg report, saying that the documents were taken down last Friday after BlackRock was notified of the data leakage incident.

In those documents clients were in different status categories such as "dabblers" and "power users". Their club level status—such as “directors club” or “patriots club” were also indicated in those documents.

A spokesperson told Bloomberg the firm is conducting "a full review of the matter".

"The inadvertent and temporary posting of the information relates to two distribution partners serving independent advisers and does not include any of their underlying client information," the spokesperson continued.

Back in 2014, JP Morgan Chase had the data of 76 million US households and 7 million SMBs stolen from a massive attack.

Such leaked or stolen data could result in clients becoming victims of targeted malware attack, phishing, and scam.

 

Suggested Articles

Some of you might have already been aware of the news that Questex—with the aim to focus on event business—will shut down permanently all media brands in Asia…

Some advice for transitioning into an advisory role

Global risks are intensifying but the collective will to tackle them appears to be lacking. Check out this report for areas of concern