Major hedge fund sees customers' personal data stolen by hackers

Data published online after service provider refused to pay ransom

SEI Investments - a fund administrator for Angelo Gordon, Pacific Investment Management Co (PIMCO), Centerbridge Partners and many other money managers - has disclosed a cyber attack against one of its key vendors that exposed personal information of many of its investors.

The cyber incident was detected in May and was only recently disclosed to SEI clients.

According to the firm, an unidentified group of hackers compromised systems of M.J. Brunner Inc on 17^th May, and were able to steal discrete pieces of user information, including names and emails, as well as phone numbers and physical addresses, in some cases.

The root cause of the incident was not related to any vulnerability in SEI's systems, the firm said.

"We take our clients' security very seriously, and we are working with Brunner, the Federal Bureau of Investigation and our impacted clients to understand the extent to which SEI's or our clients' data has been exposed," a spokesperson for SEI told Bloomberg.

M.J. Brunner is a Pittsburgh- and Atlanta-based service provider that supports SEI's dashboard and online enrolment portal. In a statement, M.J. Brunner said that the cyber incident had been contained and there was no further risk to its systems and the network.

According to ZeroHedge, a hacking group called RagnarLocker published a full data dump (over 570GB) obtained from the attack at mazenews[DOT]top, a site linked with phishing attempts. The data published includes usernames and passwords, as well as SQL files with live client data.

Hackers had reportedly asked Brunner to pay a ransom, but when Brunner declined to pay, they published all data exfiltrated from the company's systems.

The cyber attack against M.J. Brunner is the latest in the series of ransomware incidents that have impacted private firms across the US and Europe in recent months.

Last week, smartwatch and GPS device maker Garmin fell victim to a serious cyber attack that knocked many of its services offline for five days. The company finally acknowledged the incident on Monday, saying it was "the victim of a cyber-attack that encrypted some of our systems".

It is unclear if Garmin paid any ransom to hackers, although some media reports claimed that the firm was asked to pay $10m to get its systems back online.

In March, London-based fintech firm Finastra also suffered a ransomware attack that forced it to temporarily take its systems offline, causing disruptions to its global operations.

Last month, package and mail delivery firm Pitney Bowes fell victim to a second ransomware attack in a year. The screenshots posted by the hackers revealed that they were able to steal data related to several customers, including retailers and insurance firms.