LPL Monetary is the newest agency to disclose a cybersecurity incident. In keeping with a discover submitted to Maine’s Lawyer Common, the breach led to “unauthorized securities transactions and monetary transfers” in some shoppers’ accounts.
In keeping with the info breach notification info on the lawyer common’s website, LPL notified affected customers concerning the breach that occurred on November 10, 2025 and was found 10 days later.
A pattern letter to shoppers supplies particulars on the breach that affected shoppers working with “a small quantity” of the agency’s affiliated monetary advisors. (LPL reported that 1,581 whole shoppers have been affected, and solely two in Maine.)
“Our investigation discovered that malware distributed by phishing messages affected a restricted variety of particular person advisor units and resulted in unauthorized third-party entry to the accounts of these advisors on LPL’s web-based advisor portal,” the pattern letter learn.
LPL said within the letter that it contacted legislation enforcement after discovering the breach and carried out an inner investigation. Whereas the agency didn’t determine particular proof that “delicate private info was accessed or acquired by a 3rd occasion,” it couldn’t rule out the likelihood that third events could have seen some shoppers’ info through the breach.
When LPL discovered that breach, it stopped the exercise, secured the affected accounts, and restored “any impacted accounts to their authentic monetary positions.”
The agency additionally applied new “technical safeguards” to bolster its present safety and located no proof that its techniques remained compromised. The agency provided affected shoppers a complimentary two-year Experian credit score monitoring membership.
In keeping with an LPL spokesperson, the agency “recognized uncommon exercise involving accounts related to a really small variety of affiliated advisors. The exercise was promptly contained, and there aren’t any ongoing points.”
The info breach notification follows the same discover from the agency to Maine regulators late final 12 months, detailing a small cyber incident in October by which “international menace actors” accessed on-line accounts of some affiliated advisors and “used them in reference to a ‘hack pump-and-dump’ buying and selling scheme supposed to artificially inflate the value of securities.”
LPL is the newest in a current spate of monetary companies corporations to undergo knowledge breaches from hackers; most of the particulars of those alleged hacks have been revealed at school motion fits introduced by shoppers accusing the corporations of failing to guard their non-public info from cybercriminals.
Corporations within the crossfire of hackers and sophistication motion complaints embrace Cetera Monetary and Ameriprise, in addition to Hightower Advisors, Edelman Monetary Engines, Beacon Pointe Advisors and Pathstone Household Workplace.
Within the Ameriprise breach, a cybercriminal community known as ShinyHunters carried out the heist. ShinyHunters is a digital extortion group that always steals delicate info from firms or people and threatens to leak it in trade for a ransom. The cybercriminal community was additionally allegedly on the heart of a Mercer Advisors knowledge breach final month.
