Employees of SogoTrade, a US-based online stockbroker, clicked a malicious link, resulting in tens of thousands having their personal details being exposed to attackers.
Phishing awareness is a must, not a luxury – a lesson SogoTrade learned the hard way. Earlier this year, the company succumbed to a classic phishing attack, resulting in four of its email accounts getting compromised.
According to a breach notification letter SogoTrade sent to impacted individuals, attackers successfully distributed malware via email. After attackers got their hands on the compromised accounts, they may have siphoned data from tens of thousands.
Information the company submitted to the Maine Attorney General‘s Office reveals that four breached email accounts exposed nearly 49,000 individuals. Moreover, the compromise was not a one-off and lasted between May 8th and May 22nd of 2024, with SogoTrade uncovering the attack late March of this year.
Exposed details include:
- First and last names
- Financial account numbers
- Social Security numbers
- Tax ID numbers
Attackers could utilize the leaked details for various nefarious purposes, such as identity theft, opening up fraudulent accounts with the intent to secure loans.
“SogoTrade deeply regrets that this incident occurred. After learning of the data security incident, SogoTrade reviewed its phishing procedures and enhanced its security awareness,” the company’s breach notification letter reads.
The company said it will provide impacted individuals with complimentary identity monitoring services. However, affected individuals are advised to stay vigilant and “regularly review your account statements and credit reports.”
Your email address will not be published. Required fields are markedmarked