Kovack Financial data breach impacted more than 40,000 individuals

Florida-based investment advisory company Kovack Financial said it experienced a data security incident in 2023 that compromised the sensitive personal information of more than 40,000 individuals.

 

In a filing with the Office Of Maine Attorney General and a notice on its website, Kovack Financial said that on September 5, 2023, it identified unauthorised access in parts of its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The investigation revealed that “a third-party provider was subject to a security issue that impacted personal information belonging to certain Kovack Financial clients.”

 

“On June 10, 2024, Kovack Financial discovered that certain files within the email accounts containing personal information may have been accessed and acquired by the unauthorised party between approximately August 15, 2023 and September 5, 2023, and for certain data held by the third-party provider, belonging to a limited number of persons who also hold accounts with Kovack Financial, between March 15, 2024 and April 10, 2024,” the company said.

 

The compromised data included names, dates of birth, Social Security numbers, individual taxpayer identification numbers, driver’s license numbers, passport numbers, state identification numbers, other governmental identification numbers, financial account numbers, financial routing numbers, financial account access information, payment card numbers, payment card access information, license plate recognition data, medical condition or treatment information, individual health insurance policy numbers, biometric identifier, and usernames and access information.

 

Kovack Financial’s regulatory filing with the Maine state Attorney General revealed that at least 43,324 individuals were impacted by the data security incident.

 

The company has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through CyEx to all affected individuals.