Lessons Learned: BlackRock Data Breach

The 4th industrial revolution increased our reliance on the internet. Along with massive benefits, this change posed new technological risks or cyber risks. Worse yet, confidential information across all industries is being compromised on a bigger scale now. So data breaches have become an ordinary affair, yet they are complex events. Most organizations have an incident response plan to confront data breaches, but ascertaining the damage done can still be a tough task. We’re excited to launch a new content series, Lessons Learned, where we’ll discuss data breaches and share powerful cybersecurity lessons for businesses on how to prevent data breaches in 2022. Today we will have a deeper look at the BlackRock data breach that occurred in January of 2019.


What happened?

BlackRock, an American investment management company, provides various asset, financial, and risk management services to customers. The company revealed that it had suffered a data leak. The data showed up in three spreadsheets, linked on one of the New York-based organization’s websites, dedicated to its iShares exchange-traded funds. The exposed information included names, email addresses, and other information.


How did it happen?

The BlackRock data breach was not the outcome of a malicious hacker trying to obtain access to information. This time, the breach resulted from human error. Someone at the company unintentionally posted spreadsheets of sales-related data to a public part of the website. This breach brought the critical issue of spreadsheet risk management back into focus. Flexibility is one of the greatest strengths of spreadsheets, but when mixed with a lack of control, it brings significant risks.


What was the result?

The incident is known to have affected nearly 20.000 of its financial advisers, and also 12.000 members of LPL Financial, which is an independent broker-dealer. BlackRock clarified in a statement that there was no security breach or compromise of the organisation's systems.


Key takeaways for your business

Human error is an overlooked security problem and is seen as a major contributing factor to cyber breaches. Technology is not the only factor that can promise security for people in the digital world. In order to produce more secure environments, people have to be considered part of the transformational focus. Simply put, solely technical solutions are unlikely to stop security breaches.

Human error includes sending confidential data to incorrect recipients via email, inadvertently sharing company data on public websites, or misconfiguring assets to enable undesirable access. The only way to minimize human mistakes in cyber security is to implement a holistic approach. This strategy should entail not only updating security policies but also training employees and having system monitoring and surveillance techniques in place.

Educating employees is essential for reducing the likelihood of human error. The biggest barrier to training for many organizations is the cost of and time allocated to training. But, if those organizations consider a different perspective, they will see the return on investment for training.

One of the resources you should consider as part of risk mitigation is enrolling your responsible teams in our Cybersecurity Specialist training. Check our Cyber Security Specialist training with Swiss Federal Diploma. For more information, download the brochure.


Looking for more insights like this?

Data breaches often result in financial losses, reputational damage, and a loss of consumer trust for the organization. Therefore, it is vital for organizations to remain accountable by preventing them. We know the problem. So, we published another article on “How Can Data Breaches Be Prevented”. Also, don’t forget to check out our article on “5 Password Security Best Practices”.