True North Networks Blog
Redtail CRM data breach exposes personal client data
A data breach may have exposed personal client information that advisers store on Redtail Technology's client relationship management software, according to an email the fintech firm is sending to affected advisers.
The email, obtained by InvestmentNews, says the firm discovered on March 4 that its logging systems inadvertently captured a "small subset of the sensitive investor data" advisers keep on the CRM. The data were stored in a file that anyone on the internet could access.
Investor information in the file includes first and last names, physical addresses, dates of birth and Social Security numbers.
Redtail said in the email that it removed access to the file and launched an investigation as soon as it learned about the exposed data. But it said that remediation has been delayed because of the nature of the data, the format in which it was maintained and the time it takes to consolidate and correlate with Redtail's databases.
Redtail had to build specific applications to determine which clients' data was exposed. The company is emailing affected investors and offering free access to LifeLock Defender Preferred, a credit and identity theft monitoring and remediation product from Symantec.
"Less than 1% of Redtail clients were affected by this data exposure," Redtail CEO Brian McLaughlin said in an emailed statement. "We are taking this matter very seriously and are doubling down on our efforts to ensure that our customers' data is safe and secure."
Mr. McLaughlin also clarified there was no intentional break-in of Redtail's systems by a third-party. "It was a temporary exposure which Redtail uncovered and corrected," he said.
Redtail is one of the most popular CRMs among financial advisers. According to Technology Tools for Today's 2019 Software Survey, Redtail commands a 57% market share.