Merrill data bungle hits Walmart 401(k) plan

investmentnews.com:

Merrill Lynch is the latest broker-dealer to report a snafu in handling client private data, with the Maine Attorney General’s office last week disclosing that Merrill, as the record keeper for Walmart’s 401(k) plan, revealed private client information to an “unauthorized recipient” having nothing to do with the plan.

Merrill provides services for the Walmart 401(k) Plan, with 1,883 clients affected by the data breach. They are eligible for two years of Experian Credit Monitoring, according to Maine.

In April, “a Merrill employee inadvertently disclosed personal information to an unauthorized recipient via an isolated email error,” according to the Maine Attorney General. “We became aware of this event on April 22, 2024. The personal information included in the email was the first and last name and Social Security number.”

The email has since been deleted, and Maine officials in the May 23 notice added that they were not aware of any misuse of the disclosed personal information disclosed.

The Securities and Exchange Commission this month said it was sharpening its focus on cybersecurity breaches at broker dealers and registered investment advisors.

Interactive Brokers, which specializes in equities and options trading, this month notified Massachusetts that it had identified a business email compromise that resulted in the unauthorized access to a limited amount of consumer personal information.

“Financial institutions hold massive amounts of personal client information, including clients’ statements of net worth, and bad actors want to target this information for a variety of schemes,” said Scott Silver, a plaintiff’s attorney. “We’re hearing more horror stories along those lines.”

“Plus, there are many small