Redtail Technology is the latest company left scrambling after inadvertently leaving client data exposed and vulnerable to outside parties. The advisor-focused customer relationship management (CRM) provider confirmed that a March 4 “data exposure” left sensitive customer data in an unsecured environment, affecting “less than 1% of Redtail clients,” according to a statement provided by CEO Brian McLaughlin. Redtail, which is a partner in the cybersecurity organization cleverDome, did not provide the exact number of affected advisors or end-clients. It remains unclear whether the unsecured data was accessed by unauthorized parties.
The firm apparently knows how many advisors were affected, however, and is notifying them and providing “access to a leading national data security firm to directly assist advisors and their clients,” said McLaughlin. In its security statement, Redtail notes that “every precaution has been taken to write a secure and compliant solution” and it provides a status page that informs customers of maintenance and outage issues.
The March 4 data exposure is not listed on Redtail’s self-published online incident report, however. There was no scheduled maintenance for that date, but two maintenance sessions occurred later in the month, according to the site.
Redtail is a cleverDome partner, along with firms like TD Ameritrade Institutional, Orion, Riskalyze and United Planners, a relationship that includes a commitment to cybersecurity standards across firms, designed to give advisors peace of mind and assure them they are meeting their due diligence standards when vetting digital vendors inside the partnership, according to Aaron Spradlin, co-founder and chief visionary officer of cleverDome.
CleverDome, which is structured as a benefit corporation, was founded as a way to provide an industry-initiated solution for securing data. “The vendors are not regulated, and the contracts are very complicated,” Spradlin explained in a 2018 interview, outlining problems faced by financial advisors. “If there is a breach, there is limited liability involved. There are a lot of challenges.”
Redtail said the data exposure was unrelated to its partnership with cleverDome. However, part of the benefit corporation’s expressed mandate is “protection of consumer information” through network security and “a common due diligence standard,” noted Spradlin.
CleverDome's CEO, Michael Hallett, could not be reached for comment to address Redtail's lapse, stating through a spokesperson that "this incident was not related to the cleverDome partnership." Further questions were referred to a Redtail spokesperson.
For its part, Redtail is “doubling down” on securing customers’ data, said McLaughlin, without going into details on what changes would be made to the company’s security protocol or employee training. “We are taking this matter very seriously.”