An employee of Merrill, the investment and wealth management division of Bank of America, inadvertently exposed the personal data of 1,883 Walmart 401(k) Plan participants in a recent email error. According to a breach notification submitted to the Maine Attorney General’s office, the incident occurred on April 16, 2024, and Merrill became aware of it on April 22, 2024. The disclosed information included names and Social Security numbers of the affected individuals, who are likely employees of Walmart.
Upon discovery, Merrill confirmed that the misplaced email had been deleted and stated that there is no evidence of misuse of the exposed personal details. Despite this, Merrill is taking precautionary measures by offering two years of complimentary identity theft protection services to those impacted. Additionally, the company has advised affected individuals to review their credit reports and account statements for any unauthorized transactions.
This incident is not isolated, as Walmart has faced previous data breaches. Earlier this year, an internal breach occurred when a Walmart employee accessed colleagues’ employment management accounts from September 2023 to March 2024.
Merrill, formerly known as Merrill Lynch until 2019, employs nearly 15,000 staff members and manages close to $3 trillion in client assets. The company has reiterated its commitment to safeguarding personal information and has taken steps to prevent similar incidents in the future.
