20,000 advisers hit by BlackRock data leak in the US

Last week the asset manager BlackRock revealed that it had been hit by a data leak which has impacted upon around 20,000 of its advisers, including 12,000 at LPL Financial.

Among details lost in the leak were names, email addresses and other items of sensitive information.

In an official statement, BlackRock said: “BlackRock inadvertently posted a small number of sales-related documents, which were up for a short period of time, and promptly removed. The information related to a very limited number of wealth management platforms impacting approximately 20,000 independent advisers in the US.”

LPL Financial has been in touch with a number of advisers who conduct affairs with BlackRock’s iShares exchange-traded funds unit.

Speaking on behalf of LPL, Jeffrey Mochal said:

“After being informed by BlackRock of this issue, our first priority was to reach out to our advisers to make them aware of the situation and share the details we had learned.

“We will continue to stay in close communication with BlackRock as they research the incident and will share information with our advisers as it becomes available.

The firms at the heart of the data leak are the latest in a line of financial institution s to be caught up in data bungles that hit the core of business affairs. BlackRock has the world’s largest EFT operation, and therefore cannot afford to have its EFT sales disrupted.

This style of product accounts for around a third of around $6 trillion in overseas assets for the US financial giant.

BlackRock has not yet identified any other platforms across its service offering that may have been affected. The firm stated that it “recognises the seriousness of the error and deeply [regrets] that it occurred.”

“We always seek to treat the information entrusted to us with great care,” the firm added in its statement.

News of the leak was first reported on Bloomberg on Friday 18th January, revealing that BlackRock had mistakenly published the data of thousands of financial advisers on its website. The information cropped up on a number of spreadsheets, some of which included “club level” designations – a tier reference that includes many of the best performers.

BlackRock responded by saying that the leak was down to human error, and that sales-related data was inadvertently posted on iShares.com.

The company claims that those affected were notified of the transgression promptly, and that subsequent reviews of the BlackRock website have enabled executives to appreciate that the implications of the issue which is of “limited scope”.

“The sales related documents did not relate to any other client businesses at BlackRock,” a spokesperson said.

“No information about financial advisers’ end clients was included, and no sensitive personal or financial information about advisers or anyone else was included. Additionally, there were no ticker- or portfolio-level holdings information disclosed.”

Karen Barr, president and CEO of the Investment Adviser Association has urged concerned advisers to acknowledge and understand all the information that has been released on the issue so far.

“The first step is to assess the depth and type of information that was available. You really put your arms around the issue and the extent of the potential damage,” Barr said.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.