Redtail Technology is the latest company left scrambling after inadvertently leaving client data exposed and vulnerable to outside parties. The advisor-focused customer relationship management (CRM) provider confirmed that a data exposure on March 4, left sensitive customer data in an unsecured environment, affecting “less than 1% of Redtail clients,” according to a statement provided by CEO Brian McLaughlin.
Redtail, which is a partner in the cyber-security organization cleverDome, did not provide the exact number of affected advisors or end-clients. It remains unclear whether the unsecured data was accessed by unauthorized parties or not.
The firm apparently knows how many advisors were affected, and is notifying them and providing “access to a leading national data security firm to directly assist advisors and their clients,” said McLaughlin.
In its security statement, Redtail notes that “every precaution has been taken to write a secure and compliant solution” and it provides a status page that informs customers of maintenance and outage issues. Does this mean that they have the latest anti-malware and anti-fraud systems setup? Apparently not.
Redtail is a cleverDome partner, along with firms like TD Ameritrade Institutional, Orion, Riskalyze and United Planners, a relationship that includes a commitment to cybersecurity standards across firms, designed to give advisors peace of mind and assure them they are meeting their due diligence standards when vetting digital vendors inside the partnership, according to Aaron Spradlin, co-founder and chief visionary officer of cleverDome.
CleverDome, which is structured as a benefit corporation, was founded to provide an industry-initiated solution for securing data. “The vendors are not regulated, and the contracts are very complicated,” Spradlin explained in a 2018 interview, outlining problems faced by financial advisors. “If there is a breach, there is limited liability involved. There are a lot of challenges.”
Redtail said the data exposure was unrelated to its partnership with cleverDome. However, part of the benefit corporation’s expressed mandate is “protection of consumer information” through network security and “a common due diligence standard,” noted Spradlin.
For its part, Redtail is “doubling down” on securing customers’ data, said McLaughlin, without going into details on what changes would be made to the company’s security protocol or employee training. “We are taking this matter very seriously.”
