Compliance July 14, 2023

Fidelity Latest Victim of MOVEit Hacks via Vendor PBI

PBI Research Services announced that more than 371,000 customers at client Fidelity had personal data exposed in the breach.

Reported by

Pension Benefit Information LLC, operating as PBI Research Services, reported in a regulatory filing Wednesday that the personal information of 371,359 participants in retirement plans administered by Fidelity Investments had been exposed in a data breach.

Want the latest retirement plan adviser news and insights? Sign up for PLANADVISER newsletters.

The breach stemmed from a May attack on the encrypted file transfer software MOVEit and has hit financial firms, universities, the U.S. federal government and California public retirement systems, according to regulatory filings.

The PBI data breach occurred at the end of May and was discovered on June 2, according to PBI’s filing with the Office of the Attorney of General of Maine. Ignites first reported the breach.

On or around June 4, the firm sent a letter to potentially impacted customers noting that some of their personal information may have been stolen, but that the firm was not aware of an identity theft or fraud. PBI also provided customers with 24 months of credit monitoring and identity restoration from Kroll.

Upon learning about this vulnerability, we promptly took steps to patch servers, investigate, assess the security of our systems, and notify potentially affected customers and individuals associated with those customers,” John Bikus, the president of PBI, wrote in the letter. “In response to this event, we are also reviewing and enhancing our information security policies and procedures.”

PBI noted to customers that the breach impacted a “small percentage” of clients and that there was no breach at Fidelity. Rather, PBI “provides audit and address research services” for Fidelity, and the breach occurred via MOVEit file transfer, an encryption and file moving software owned by Progress Software Corp.

The letter noted that Fidelity had indicated accounts will continue to be covered by the recordkeeper’s customer protection guarantee. That guarantee notes on Fidelity’s website that the firm “will reimburse you for losses from unauthorized activity in your Covered Accounts occurring through no fault of your own.”

Fidelity did not immediately respond to request for comment on the breach.

The California Public Employees’ Retirement System and the California State Teachers Retirement System were hit by the same MOVEit breach via PBI, according to filings. Other organizations impacted by the attack include Corebridge Financial, Genworth Financial and Putnam Investments.

 

Deals & People July 14, 2023

Ascensus Brings on Asset Management Executive as President

Former Pendal Group CEO Nick Good will report to CEO and Chair David Musto.

Reported by

Ascensus LLC announced Thursday that financial services executive Nick Good will join the firm as president, overseeing the saving plan provider’s business lines and enterprise marketing division.

Good, CEO of asset manager Pendal Group until May, will take the president title from David Musto, who will remain CEO and chair of Ascensus. Good will also report to Musto when he starts on September 5, according to the announcement.

Ascensus, which was acquired by private equity firm Stone Point Capital in 2021, has grown its footprint in recent years through tax-advantaged retirement plans, 529 education savings accounts, health savings accounts and state-facilitated retirement plan accounts. The Dresher, Pennsylvania-based firm has more than $720 billion in assets under administration.

Good will work directly with the company’s line of business presidents and the digital, marketing and analytics center, focusing on client success, accelerating commercial activities, business development and partnerships, cross-business opportunities and overall business performance.

“Nick’s appointment as president is a strategic investment in our future,” CEO Musto said in a statement. “He offers a wealth of leadership experience and is well-versed in growing and optimizing businesses amidst the rapidly changing dynamics of our marketplace today.”

By shedding the president role, Musto will spend more time on the “overall leadership of the Ascensus organization, talent and culture, strategic investment growth, enhanced delivery of enterprise capabilities, and technology and solution innovation,” according to the announcement. In this role, he will continue to lead the company’s service and operations; technology; corporate development; finance; human resources; and legal, risk and compliance centers.

Good, who will be based in the Newton, Massachusetts, office, will bring wealth management experience, including approximately two years as CEO for the Pendal Group, which was sold to Perpetual Limited earlier this year. Prior to that role, Good was executive vice president and chief growth strategy officer for State Street Corp., focused on areas including strategy and mergers and acquisitions. Before joining State Street, Good spent eight years with BlackRock/Barclays Global Investors, primarily as CEO of iShares Asia-Pacific.

“Ascensus brings a wealth of insights, technology, and expertise to the market, but equally as important in my mind is the enduring impact of its corporate character and mission as an organization,” Good said.

«