Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=206100536
Davidson Companies said on Wednesday that a database containing personal information of 226,000 current and past clients, including names and social security numbers, appears to have been illegally accessed "by a third party through a sophisticated network intrusion."
"Despite our efforts to safeguard client information, a computer hacker using sophisticated techniques illegally accessed a database and obtained access to confidential client information," said William A. Johnstone, Davidson Companies president and CEO, in a statement. "All of us at Davidson are acutely aware of the uncertainty, stress and inconvenience associated with the potential compromise of personal information. We are fully committed to helping our clients deal with this unfortunate event as quickly as possible and are adopting measures to further enhance our network security."
The company reportedly hired a penetration testing company last September to assess its IT security and the firm's hackers did not find any holes.
Company spokesperson Jacquie Burchard declined to provide further details. "With the investigation ongoing, it would be inappropriate to delve into the technical aspects of the security breach," she said in an e-mail. "We are in the process of notifying our clients and assisting them through the process of identity theft prevention. That is our key concern at this time."
The company said in a statement that it has found no evidence that those who hacked its systems have been able to affect or alter client data. It nonetheless is urging clients to be on guard against identity theft fraud that could arise as a result of the data breach. To assist those affected, the company plans to pay for a year of credit monitoring service.
Davidson Companies is a financial services holding company based in Montana. It includes D.A. Davidson & Co., an investment firm; Davidson Investment Advisors, a money management firm; Davidson Trust Co., a wealth management and trust company; Davidson Fixed Income Management, an investment and money management services firm; and Davidson Travel, a travel agency.
Attrition.org, a Web site that tracks data breaches, lists 28 incidents that have been reported since the beginning of 2008. Privacy Rights Clearinghouse, which also tracks such incidents, lists 25 data breaches to date this year.