Fund Administrator to Pimco, Others Saw Breach at Vendor

(Bloomberg) -- A fund administrator for Pacific Investment Management Co., Angelo Gordon & Co., Centerbridge Partners and other money managers said a cyberattack at one of its key vendors exposed data.

The attack involved data on clients of SEI Investments Co., according to a statement from an SEI spokesperson. One of SEI Investments’ vendors, M.J. Brunner Inc., was breached in a ransomware attack that occurred on May 17, and the root cause was not related to vulnerability of SEI’s systems, the spokesperson said.

“We take our clients’ security very seriously, and we are working with Brunner, the Federal Bureau of Investigation and our impacted clients to understand the extent to which SEI’s or our clients’ data has been exposed,” the spokesperson said.

A representative for M.J. Brunner said the firm is “confident that we have contained the incident and there is no further risk to our network.”

The episode comes amid heightened sensitivity to cybercrime in the financial services industry. The U.S. Securities and Exchange Commission issued a bulletin earlier this month warning that ransomware attacks are becoming more sophisticated. Chief technology officers have also been under pressure as firms moved operations to remote setups because of nationwide lockdowns to stem the spread of Covid-19.

A spokesperson for Pimco confirmed that the company was aware of the cyberattack on SEI’s vendor and that information from certain investors in Pimco’s private funds had been revealed.

“Pimco is committed to ensuring the privacy of client information and is working with SEI to determine what data was disclosed and has informed clients that may have been impacted,” the spokesperson said.

Angelo Gordon and Centerbridge were also among the fund companies whose investors were affected by the attack, according to people with knowledge of the matter. Spokesmen for the firms declined to comment.

Centerbridge found out about the attack on July 16 and told investors the next day, according to one of the people. The impact was limited to only certain contact names and email addresses because Centerbridge had the investor dashboard as a back-up system, so it wasn’t in use at the time of the breach, the person said.

The Wall Street Journal earlier reported the breach, saying the attack involved about 100 of the fund administrator’s clients.

©2020 Bloomberg L.P.