Major service provider to the financial services industry was breached

A service provider of SEI Investments Co., affected by a ransomware attack.

SEI Investments Co., a fund administrator for several high-profile asset management firms experienced a breach, exposing the personal information of investors for approximately 100 clients.

SEI stated that the breach occurred through one of their service providers that faced a ransomware attack. M.J. Brunner, the firm affected by the breach is a software development company that developed and supports SEI’s investment dashboard and online client portal.

Headlines like this should serve as a reminder that no one is safe, and that bad actors are looking for different ways of compromising your data. No longer do bad actors need to attack fund managers to gain access to sensitive, or even personal information. They can go after third parties, like we have seen in the case of Wipro, the IT consulting firm that was breached last year. In this case they went after a third party of the third-party provider. Fourth party risk is something that should not be ignored.

We wrote about the breach of TCW and OCIE’s recent ransomware alert a few weeks ago. When you look at these alerts collectively, you should be worried. We are certainly not trying to be the alarmists in this situation, but when your peers and potentially a service provider you rely on have been attacked, it feels like it is bound to happen to you.

From our own personal experiences, we can tell you that these attacks are certainly on the rise. While we can not disclose more information than that, what we can say is these attacks are closer to you than you think.

We encourage you to spend the time and reassess your own situation and ask yourself if you are doing enough. Do not look at the dollars spent because this is not a good indicator. Look at the value you are getting for the dollars spent.