Didn't see this posted nor easy to find via online search: Date of breach: 2/28/18 Customers notified starting late Feb 2019 https://oag.ca.gov/system/files/Phillip01_Multi States_0.pdf ____________________________________________ Portion: To Our Customers: We are writing to inform you that, on February 28, 2018, we were the target of a cyber-hacking incident that resulted in the compromise of certain email accounts that contained customer information. At that time, we believed that only two corporate customers were affected by the breach. Although we have no evidence to date that any individual client’s personal information was compromised, in hindsight we could have conducted a more extensive investigation. Hence, as an added precaution, we are currently contacting all our customers as we cannot be certain that personal information of our customers in the affected email accounts was not accessed by the attacker. What Happened? On February 28, 2018, Phillip Capital received a phishing email from a third-party vendor. Phillip Capital responded to this phishing email by logging onto what we believed was the vendor’s legitimate platform. This enabled the attacker to access a few of our employees’ email accounts before we discovered the incident and cut off all unauthorized access. What information were the hackers targeting? It appears the goal was to identify corporate clients that frequently made large wire requests and to impersonate such clients to redirect large wires to offshore bank accounts controlled by the attacker. What Information Was Involved? Personal information you provided to us was contained in the compromised email accounts, and may have been compromised as a result. This information may have included, but was not necessarily limited to, the following: (i) name; (ii) address; (iii) telephone number; (iv) email address; (v) social security number; (vi) trading account number(s); (vii) banking information; (viii) wire instructions; and (ix) other information that you may have provided through email to or from Phillip Capital. What We Are Doing. Phillip Capital has since implemented additional protections and controls to mitigate the risk of future breaches, including strengthening password policies, enhancing business processes, and expanding use of multifactor authentication. We have contacted and cooperated with U.S. and international law enforcement authorities. Phillip Capital is fully committed to providing all our clients with a secure and safe data platform, identifying and enacting proactive improvements as needed. To help protect your identity, we are offering a complimentary 12-month membership of Experian’s® IdentityWorksSM. This product provides you with identity detection and resolution of identity theft.