Cetera Financial Group Data Breach and Investigation • LegalScoops

‣ Attorney Investigation Alert
‣ Over 2,000 People Affected by Breach

On June 9, 2022, Cetera Financial Group, Inc. (“CFG”), a financial services group based in El Segundo, California, reported a data breach to the Maine Attorney General’s Office. 2,188 individuals nationwide were affected by the breach.

According to the company, on March 16, 2022, CFG received notice of a data breach from its printing service, R.R. Donnelley & Sons Company (“RRD”), that occurred between November 29, 2021 and December 23, 2021. After starting its own investigation, CFG determined that personal information from its files that were present on RRD’s systems at the time of the data breach were impacted by the RRD data breach.

For a free privacy consultation fill out the form below or call us at 1-844-BREACH8 (1-844-273-2248).

While not included in CFG’s notice, it has been widely reported that R.R. Donnelley was the subject of a ransomware attack by the infamous Conti ransomware group. According to public reports, the Conti group took credit for the attack on RRD and briefly posted 2.5 GB of data on its data leak page.

The FBI issued a Flash Alert about Conti ransomware attacks in May, 2021. On September 22, 2021, a Joint Cybersecurity Advisory disseminated details about what red flags indicate a business has been compromised by Conti ransomware, and how attacks can be avoided.

The sensitive personal information in CFG’s files that may have been accessed and taken includes individuals’ full names and Social Security numbers (SSNs).

The full CFG notice provided to the Maine Attorney General can be viewed here.

CFG is offering affected individuals complimentary identity monitoring services through Experian. The deadline for enrollment in Experian services is listed in the Notice.

Special California Laws Protect You

California has laws that specifically protect your personal information.

  • The California Customer Records Act(CCRA) requires businesses to put into place and maintain reasonable security procedures and practices to protect consumer’s personal information. Companies must also notify affected California consumers quickly and without unreasonable delay.
  • The California Consumer…