Cetera Financial Group hacked via printing vendor

Cetera Financial Group was hacked last fall through an outside printing vendor, putting the Social Security numbers of 2,188 of its clients at risk, according to a notice this month from the Maine Attorney General's office.

The "external system breach," or hacking, occurred near the end of November, according to the Maine Attorney General. Cetera Financial Group said Tuesday that, in total, 584 clients had their Social Security numbers exposed.

In March, Cetera Financial received a notice from its third-party printing service provider, R.R. Donnelley & Sons Co., about a data security event that affected R.R. Donnelley's systems. R.R. Donnelley also identified earlier unknown activity on its network, according to the notice. The printing firm investigated and determined that between Nov. 29, 2021, and Dec. 23, 2021, its systems were accessed by an unknown actor.

Out of the total number of clients affected, two are residents of Maine, according to the notice.

Cetera is a giant network of broker-dealers, with 8,000 advisers and $475 billion in client assets.

"We are continuing to monitor and investigate the potential impact of a recent data security event at a third-party vendor," a Cetera Financial Group spokesperson wrote in an email. "While no Cetera systems were impacted, we take the confidentiality of our customers’ information extremely seriously."

Cybersecurity was the top near-term tech concern for independent broker-dealers like Cetera Financial Group, according to the 2020 InvestmentNews Adviser Technology Study, and was cited by 77% of firms that participated. 

Broker-dealers have been their guard for cyberattacks. In 2020, independent broker-dealers needed to rely on technology more than ever as a result of the Covid-19 pandemic, with home-office staff and a large number of advisers working from home or in remote offices. 

In 2019, Cetera Financial Group was hit with a data breach, putting the information of about 2,000 clients at risk.