Inheritance assetsUK based wealth management and financial planning specialist Acquired by insurance and pensions giant Aviva in 2022It went on to reassure customers after disclosing that it is conducting an investigation into a cyber security incident of an as yet undisclosed nature
Details of the incident are thin on the ground, but it is known that the firm first warned of a potential attack on its IT systems on February 8.
In a statement released to the media, a spokesperson for the financial advisory firm said: “Legacy Assets has been the victim of a cyber-attack. We quickly launched an investigation and notified the appropriate authorities. The security of our clients’ information is our top priority and as a precaution during the investigation we quickly put additional security measures in place.” I did
“Legacy Assets will ensure that clients do not suffer financial loss if an attack results in misuse of their personal information held by Legacy. We are working to assess and resolve this situation, but at this stage, we cannot comment on the nature of this attack.
“We will provide further updates when appropriate. We understand this will cause concern for our clients and we apologize for this,” they said.
Founded in 2009, Succession Wealth operates a network of over 200 financial advisors and has over 20,000 clients. It specializes in long-term wealth management and financial planning, be it retirement planning, family investments, savings etc. It has 19 offices around the UK and approximately $10 billion worth of assets under advice.
Its £385m acquisition by Aviva was designed to strengthen the latter’s presence in the UK property market, which was worth more than £1.6tn in 2020. This enables Aviva to provide financial advice to its four million workplace pension customers and two million individual customers.
Casey Ellis, CTO and Founder of Crowdsourced Security Expert Bogra and its founder Disclose.ioCommented: “At first glance, the additional security measures and mention of customer data seem like it could be a ransomware attack, but we can only speculate at this point.
“The exact exposure to clients is unclear because they seem to understand on their own what happened, how to fix it, and the full extent of the breach.
“They reassured customers and employees: the impact, so by doing that we can assume they have a good idea of what’s going on. [and]As part of the Aviva Group, there will be many of the brightest cyber security minds right now,” said Ellis.
“The crisis comms team will also be full throttle because it’s just as famous now. The company has very personal financial information for many,” he added.
Legacy assets join a string of victims of cyber attacks in the UK so far in 2023, being the most high-profile Royal Mail and financial software firms Ion groupBoth of which were held for ransom by the Lockbit gang, currently one of the best ransomware operations in the world.
Julia O’Toole, CEO of Access Segmentation and Encryption Specialists MycenaeThat said, the majority of such breaches are still occurring through compromised credentials.
“When it comes to countering these all-too-common attacks, organizations must start by tightening access controls on their external and internal networks. Today, most organizations allow employees to generate their own digital keys or passwords to access the network, but it’s up to the organization and puts both its customers at risk, because that password can be phished or socially engineered,” he said.
“A simple way to combat this vulnerability is to encrypt employee credentials, making them more difficult to steal, and implement network access segmentation. This is a key ransomware prevention strategy, as it prevents attackers from traveling across the network even if they are able to break in.”