Data on Investors Obtained by Fraud

From Reuters

In the latest information theft to hit the financial industry, a big U.S. payroll firm was tricked into disclosing personal data on tens of thousands of brokerage customers to someone impersonating corporate officers.

Payroll service company Automatic Data Processing Inc., which also handles investor communication for brokerages, said Thursday that it gave lists of shareholders to “an unauthorized party” who fraudulently requested the data.

The information included names, addresses and number of shares owned by individual investors, but did not include account numbers or Social Security numbers and did not identify the brokerages where shares were held, ADP said.

Fidelity Investments said 125,000 of its customers were among those whose information was breached. UBS said about 10,000 of its customers were affected.


Morgan Stanley said about 3,800 of its clients were affected. Merrill Lynch & Co. said it was working with ADP to notify affected clients, but it declined to elaborate on numbers.

Bear Stearns Cos. and Citigroup Inc. did not return calls.

ADP said it provided the shareholder lists between November and February.

“We have recently discovered that an unauthorized party who impersonated officers at various public companies fraudulently requested shareholder lists for a number of public companies,” ADP said.


ADP’s services to brokers include sending lists of shareholders to public companies so that they can mail out information.

A letter obtained by Reuters, sent by ADP to a Fidelity brokerage customer, lists Sirius Satellite Radio Inc. and HealthSouth Corp. among 60 companies whose shares were held by affected investors.

The remaining names on the list were small stocks trading over the counter, on the Pink Sheets market or on the American Stock Exchange.