On June 20, 2024, NettWorth Financial Group detected suspicious activity in its email environment, prompting an immediate investigation to determine whether sensitive or personal information had been compromised. The investigation revealed that an unauthorized party accessed the contents of one employee’s mailbox around June 18, 2024. Following this discovery, NettWorth initiated a comprehensive review of all data within the mailbox, and by August 20, 2024, the review confirmed that personal information of certain current and former clients, as well as related individuals, may have been affected.
The compromised information varied between individuals but included personal details such as names, addresses, dates of birth, and Social Security numbers. However, NettWorth emphasized that there was no evidence to suggest that the exposed personal information had been misused or that any fraudulent activities had occurred. Despite this, the company moved swiftly to locate contact information for the affected individuals and prepare the necessary notification services, which were completed by August 30, 2024.
On September 11, 2024, NettWorth notified one Maine resident of the data security incident via U.S. First-Class Mail, along with a sample of the notification letter sent to the affected individual. In addition to informing those affected, NettWorth offered comprehensive protective measures, including 12 months of complimentary credit monitoring and identity protection services through IDX by Zerofox. These services include credit and dark web monitoring, identity theft recovery assistance, and a $1,000,000 insurance reimbursement policy to help mitigate the impact of the incident.
As part of its response to the breach, NettWorth took additional steps to strengthen its security posture. The company implemented enhanced technical security measures to prevent future incidents and reduce the risk of similar breaches. NettWorth also provided individuals with detailed information about actions they could take to further protect their personal data, showing its commitment to safeguarding client information and ensuring transparency throughout the process.
Reference:
