BlackRock, the largest asset manager in the world, exposed critical information about thousands of financial advisers who work with the firm as well as internal sales representatives. Bloomberg revealed that confidential data on 12,000 financial advisers included the amount of client money each adviser had under management in BlackRock's iShares ETF.
The information was revealed via a set of three spreadsheets that BlackRock exposed on one of the company's iShares-related information site. The links are dated as of December 5, 2018, and were removed soon after Bloomberg viewed them last week.
According to Bloomberg: "One of the spreadsheets appears to list more than 12,000 entries of advisers and their sales representatives at BlackRock. On another, the advisers were categorized in a variety of ways such as 'dabblers' or 'power users.' A column noted their 'Club Level' including the 'Patriots Club' or 'Directors Club.'”
The most troubling aspect of this unintentional data exposure is that BlackRock's own distribution partners are to blame, according to the firm, which is conducting a review of the incident. While financial institutions historically have focused their data security efforts on external attackers and hackers, this incident shows that even company-controlled data exposure is still a problem.
According to Bloomberg, the largest financial institutions pour $1 billion or more per year into hacker security. It would not be surprising to see these same firms begin to invest more heavily in securing their own confidential spreadsheets or moving to more secure record-keeping processes.