
Data Breach Hits BNY Mellon Wealth Business

What Happened?

This month, BNY Mellon’s N.A. division notified clients that one of its vendors’ systems was infiltrated, resulting in exposure of client data, including Social Security numbers, Ignites reported. While there is no evidence that any resultant fraudulent activity has occurred, the exposure still poses a significant risk to confidential client information.

What Does This Mean for Me?

Third-party data breaches pose significant risks to firms, especially investment advisers given their access to sensitive information. Firms should conduct due diligence on key vendors to mitigate third-party risk. Vendor due diligence reviews should assess:

  • Scope of services provided by the vendor;
  • Data risk presented by the type of data to which the vendor has access;
  • Operational risk based on how heavily the vendor is relied upon to conduct day-to-day business;
  • Policies, due diligence questionnaires, SOC Reports, and other additional items provided; and
  • Alternate vendors in the event a vendor cannot provide its services.

Vendor due diligence is just one component firms must consider as part of a comprehensive cybersecurity program. Last month, the U.S. Securities and Exchange Commission (SEC) issued a risk alert warning of cybersecurity threats at the branch offices of broker-dealers and investment advisers, and in the past fourteen months, the SEC has released three material cybersecurity proposals for investment advisers.

The proposed amendments will require significant time and enhancements to existing cybersecurity practices. Fairview Cyber offers turnkey solutions that address SEC requirements for cybersecurity, and our team of regulatory experts is available to answer any questions you may have regarding the proposed rules. To learn more, visit our Cyber Solutions page or contact us if you’d like to speak to one of our regulatory experts.