US investor services and payroll firm Automatic Data Processing (ADP) has admitted that it was tricked into disclosing personal data on thousands of brokerage customers to fraudsters posing as corporate officers.
According to a Reuters report ADP gave shareholder data to "an unauthorised party" who fraudulently requested the data.
The data includes names, addresses and number of shares owned by individual investors, but did not include account numbers or social security numbers and did not identify the brokers where shares were held.
Fidelity Investments has reportedly said that around 125,000 of its customers were among those whose data was breached. Around 10,000 UBS customers are thought to be affected along with 3800 Morgan Stanley clients and an undisclosed number of Merrill Lynch clients.
ADP says it provided the shareholder lists between November 2005 and February 2006. The vendor notified federal law enforcement officals of the problem in February this year, and notified its broker clients shortly after.
In January US credit data firm ChoicePoint said it was paying $15 million to settle charges that it failed to adequately protect customers' financial information following a data breach where a gang of criminals posing as businessmen gained access to around 163,000 personal records.