On May 8, 2023, Advisor Group filed a notice of data breach with the Attorney General of Massachusetts after learning about a third-party data breach at one of the company’s vendors, R.R. Donnelly & Sons Company. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses and Social Security numbers. After confirming that consumer data was leaked, Advisor Group began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification from Advisor Group or one of its broker dealers, it is essential you understand what is at risk and what you can do about it. Because this breach exposed victims’ SSNs, it means anyone who receives a data breach letter from FSC Securities, Royal Alliance, SagePoint Financial, or Woodbury Financial is at an increased risk of identity theft. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Advisor Group data breach, please see our recent piece on the topic here.

What We Know So Far About the Advisor Group Breach

News of the Advisor Group data breach is still fresh; however, what we know at this point comes from the company’s filing with the Attorney General of Massachusetts. According to this source, Advisor Group was recently informed of a cybersecurity incident at one of the company’s vendors, R.R. Donnelly & Sons Company (“RRD”). Evidently, Advisor Group relies on RRD to fulfill some of the company’s mailing needs, which is how RRD ended up in possession of information pertaining to Advisor Group’s clients.

Based on the Advisor Group filing, on December 23, 2021, RRD experienced a possible data security incident. In response, RRD secured its systems and launched an investigation to determine what, if any, consumer data was leaked as a result.

The Advisor Group does not mention when RRD let it know about the incident. However, it is surprising that nearly 18 months elapsed between the RRD data breach and Advisor Group customers receiving notice of the incident.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Advisor Group began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address and Social Security number.

On May 8, 2023, Advisor Group sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Advisor Group

Based in Phoenix, Arizona, Advisor Group is a company made up of several broker dealers. Advisor Group’s broker dealers include SagePoint Financial in Phoenix, AZ; Royal Alliance in New Jersey; FSC Securities Corporation in Atlanta, GA; Woodbury Financial Services in Oakdale, MN; American Portfolios in Holbrook, NY; Infinex Financial Group in Meriden, CT; Securities America in Omaha, NE; and Triad Advisors in Norcross, GA. Advisor Group employs more than 10,000 people and generates approximately $3 billion in annual revenue.