WFA
Company Details
Linkedin ID:
wells-fargo-advisors
Employees number:
14,657
Number of followers:
136,613
NAICS:
52
Industry Type:
Homepage:
wellsfargoadvisors.com
IP Addresses:
0
Company ID:
WEL_1538226
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Wells Fargo Advisors Vendor Cyber Rating & Cyber Score
wellsfargoadvisors.comWith financial advisors serving our clients in all 50 states, Wells Fargo Advisors is headquartered in St. Louis. At the end of the day, we help our clients succeed financially. For us – our Financial Advisors and thousands of other team members – it's a commitment. It's about honoring our relationship with clients and being fully invested in their success. Investors’ needs are more complex now than at any time in history. There are the usual concerns that investors can plan for, but there are also those events when life happens. That’s why investors are increasingly looking for advice they can trust from a financial services firm which has experience and expertise, and an uncompromising dedication to its clients. Opinions and comments expressed by LinkedIn Members are those of the persons submitting them and do not necessarily represent our views. Additional guidelines can be found on wfa.com/social. Investment and Insurance Products are: * Not Insured by the FDIC or Any Federal Government Agency * Not a Deposit or Other Obligation of, or Guaranteed by, the Bank or Any Bank Affiliate * Subject to Investment Risks, Including Possible Loss of the Principal Amount Invested Wells Fargo recognizes and values the diversity of its employees, customers and business partners. EOE, M/F/D/V. Wells Fargo Advisors is a trade name used by Wells Fargo Clearing Services, LLC and Wells Fargo Advisors Financial Network, LLC, Members SIPC, separate registered broker-dealers and non-bank affiliates of Wells Fargo & Company. © 2021 - 2025 Wells Fargo Clearing Services, LLC. All rights reserved. PM-09182026-6068127.2.1 Wells Fargo Investment Institute, Inc. (WFII) is a registered investment adviser and wholly-owned subsidiary of Wells Fargo Bank, N.A., a bank affiliate of Wells Fargo & Company.
Wells Fargo Advisors A.I CyberSecurity Scoring
WFA Risk Score (AI oriented)Between 750 and 799
WFA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
WFA Global Score (TPRM)XXXX
WFA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
WFA Company CyberSecurity News & History
Past Incidents
5
Attack Types
2
Navy Federal Credit Union, USAA, Citibank, Fidelity Investments and Wells Fargo: Operation DoppelBrand: Weaponizing Fortune 500 Brands
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Operation DoppelBrand: Sophisticated Phishing Campaign Targets Fortune 500 Firms An elusive cyberthreat group known as GS7 has been running Operation DoppelBrand, a large-scale phishing campaign targeting Fortune 500 companies, financial institutions, and high-value entities worldwide. First observed between December 2025 and January 2026, the operation leverages near-perfect replicas of corporate login portals to steal credentials and deploy remote management and monitoring (RMM) tools for further exploitation. ### Key Details of the Campaign - Targets: Primarily U.S.-based financial institutions including Wells Fargo, USAA, Navy Federal Credit Union, Fidelity Investments, and Citibank alongside technology, healthcare, and telecommunications firms in Europe and other regions. - Tactics: GS7 registers over 150 malicious domains via registrars like NameCheap and OwnRegistrar, routing traffic through Cloudflare to evade detection. Attackers exfiltrate stolen data usernames, passwords, IP addresses, geolocation, device fingerprints, and timestamps to Telegram bots controlled by the group. - Infrastructure: The group has operated since at least 2022, with claims of activity dating back nearly a decade. Researchers linked GS7 to Brazilian cybercrime forums, where stolen credentials and financial data are traded. - Impact: Beyond credential theft, GS7 installs RMM tools on victim systems, enabling remote access or malware deployment. The campaign’s sophistication including rotating infrastructure and meticulous branding mimicry has allowed it to evade detection until now. ### Researcher Findings Security firm SOCRadar uncovered the operation, identifying a Telegram group ("NfResultz by GS") tied to the threat actor. A self-proclaimed GS7 member provided screenshots of past campaigns, including a Fidelity Investments phishing demo that triggered RMM tool downloads upon login. SOCRadar released TTPs (tactics, techniques, and procedures) and IoCs (indicators of compromise) to help defenders track the group’s activities. With English-speaking markets as the primary focus, GS7’s DoppelBrand campaign remains active, underscoring the growing threat of highly organized, financially motivated phishing operations.
Wells Fargo Bank, N.A.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Vermont Office of the Attorney General disclosed a data breach at Wells Fargo Bank on September 19, 2024, stemming from unauthorized access to customer personal information by a former employee between May 2022 and March 2023. The breach involved the misuse of internal systems to exfiltrate sensitive data, though the exact number of affected individuals remains undisclosed. The compromised information may include personally identifiable details, exposing customers to potential identity theft, financial fraud, or phishing attacks. The prolonged duration of the breach nearly a year suggests systemic vulnerabilities in access controls and post-employment monitoring. While Wells Fargo has not confirmed the scope of the stolen data, the incident underscores risks associated with insider threats and delayed detection. Regulatory scrutiny and customer notifications are expected, with potential reputational damage and legal repercussions for the bank.
Wells Fargo Bank, N.A.
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach involving Wells Fargo Bank, N.A. on May 5, 2022. The breach occurred on December 31, 2021, when a Wells Fargo employee emailed an encrypted file containing personal information to their personal email address, affecting an unspecified number of individuals. Types of personal information impacted may include names, addresses, phone numbers, email addresses, dates of birth, and social security numbers.
Wells Fargo Bank, N.A.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On November 6, 2019, Wells Fargo Bank, N.A. discovered a data breach linked to KDW Automotive, where an employee mistakenly sent an email containing sensitive personal information to an unintended financial institution. The exposed data included names and Social Security numbers of affected individuals, potentially putting them at risk of identity theft or fraud. The breach was reported to the California Office of the Attorney General in April 2020, highlighting a lapse in data handling protocols. While the incident did not involve malicious cyber activity, the unauthorized disclosure of personally identifiable information (PII) posed significant privacy concerns. The breach underscored the need for stricter email security measures and employee training to prevent similar errors in the future. No evidence suggested the data was misused, but the exposure alone created reputational and compliance risks for Wells Fargo.
Wells Fargo Advisors
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On September 26, 2017, the California Office of the Attorney General reported that Wells Fargo Advisors experienced a data breach on July 6, 2017. The breach involved client information being inadvertently provided to another law firm. The compromised information included client names, account numbers, and social security numbers. The number of individuals affected by this breach is unknown.
WFA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for WFA
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for Wells Fargo Advisors in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Wells Fargo Advisors in 2026.
Incident Types WFA vs Financial Services Industry Avg (This Year)
No incidents recorded for Wells Fargo Advisors in 2026.
Incident History — WFA (X = Date, Y = Severity)
WFA cyber incidents detection timeline including parent company and subsidiaries
WFA Company Subsidiaries
With financial advisors serving our clients in all 50 states, Wells Fargo Advisors is headquartered in St. Louis. At the end of the day, we help our clients succeed financially. For us – our Financial Advisors and thousands of other team members – it's a commitment. It's about honoring our relationship with clients and being fully invested in their success. Investors’ needs are more complex now than at any time in history. There are the usual concerns that investors can plan for, but there are also those events when life happens. That’s why investors are increasingly looking for advice they can trust from a financial services firm which has experience and expertise, and an uncompromising dedication to its clients. Opinions and comments expressed by LinkedIn Members are those of the persons submitting them and do not necessarily represent our views. Additional guidelines can be found on wfa.com/social. Investment and Insurance Products are: * Not Insured by the FDIC or Any Federal Government Agency * Not a Deposit or Other Obligation of, or Guaranteed by, the Bank or Any Bank Affiliate * Subject to Investment Risks, Including Possible Loss of the Principal Amount Invested Wells Fargo recognizes and values the diversity of its employees, customers and business partners. EOE, M/F/D/V. Wells Fargo Advisors is a trade name used by Wells Fargo Clearing Services, LLC and Wells Fargo Advisors Financial Network, LLC, Members SIPC, separate registered broker-dealers and non-bank affiliates of Wells Fargo & Company. © 2021 - 2025 Wells Fargo Clearing Services, LLC. All rights reserved. PM-09182026-6068127.2.1 Wells Fargo Investment Institute, Inc. (WFII) is a registered investment adviser and wholly-owned subsidiary of Wells Fargo Bank, N.A., a bank affiliate of Wells Fargo & Company.
Loading...
WFA Similar Companies
Block
Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate l
Empower
At Empower, we’ve always been guided by strong values with a focus on helping people achieve the financial freedom they deserve. It’s been an incredible journey so far, but our story is just getting started. From the very beginning, we’ve prided ourselves on putting our customers first in every
Old Mutual Limited is a listed company on the Johannesburg Stock Exchange and has secondary listings on the London, Malawi, Namibia and Zimbabwe stock exchanges. As a Pan-African financial services company, we are focused on Africa, her needs and her people. Together with you, we have educated our
XP Inc.
A XP Inc. é uma das maiores instituições financeiras independente do Brasil, dona das marcas XP, Rico, Clear, XP Educação, InfoMoney, entre outras. Com mais de 4,6 milhões de clientes ativos e um valor superior a R$ 1,3 trilhão de ativos sob custódia, há 24 anos vem transformando o mercado financeir
Sun Life is a leading financial services organization dedicated to helping people achieve lifetime financial security and live healthier lives. We provide a wide range of insurance and investment products and services in key markets around the world including Canada, the United States, the United K
Aditya Birla Capital
Aditya Birla Capital Ltd is a financial services company based out of One World Center, Tower 1, 18th Floor, Jupiter Mills Compound, 841, Senapati Bapat Marg, Elphinstone Road, MUMBAI, India. - Aditya Birla Capital is committed to provide equal opportunity to all in employment and prohibits discrim
TIAA
At TIAA, we believe everyone has the right to retire with dignity. For more than 100 years, we’ve provided retirement plans, insurance, and investment services, empowering millions of people— in education, healthcare, and nonprofit —with the knowledge, guidance, and lifetime income needed to plan th
Australia’s leading provider of financial services including retail, premium, business and institutional banking, funds management, superannuation, insurance, investment and sharebroking products and services. We are a business with more than 800,000 shareholders and over 52,000 employees. We offer
Mahindra Finance
Mahindra & Mahindra Financial Services Limited (Mahindra Finance), part of the Mahindra Group, is one of India's leading non-banking finance companies. Focused on the rural and semi-urban sector, the Company has over 10 million customers and has an AUM of over USD 11 Billion. The company is a lead
.png)
WFA CyberSecurity News
March 03, 2026 08:00 AM
Former Wells Fargo Advisor Gets Three Years for Real Estate Investment Scam
Andrew Egber pleaded guilty to felony theft and securities fraud in Maryland federal court last week. In addition to Wells Fargo,...
February 13, 2026 08:00 AM
SEC Bars Ex-Wells Fargo Advisor in Prison for Fraud
The Securities and Exchange Commission said Friday that it has barred Kenneth A. Welsh, a former Wells Fargo broker and investment advisor...
February 10, 2026 08:00 AM
Texas Precious Metals Welcomes Jim Hays, Former CEO of Wells Fargo Advisors, as Strategic Advisor
Texas Precious Metals, a leading firm in the metals and financial services sector, is proud to announce that Jim Hays, retired Chief...
February 06, 2026 07:00 PM
&Partners Picks Up Teams From Ameriprise, Wells Fargo FiNet
Four Lights Advisors and La Belle Vue Wealth Management are the latest to join David Kowach's hybrid broker/dealer.
January 21, 2026 08:00 AM
Wells to Add FiNet Advisors to RIA Channel in 2026
Wells Fargo Advisors is setting up a newly designed RIA Solutions channel seeded by advisors from its broker/dealer FiNet, according to a...
January 16, 2026 08:00 AM
Deals & Moves: Wells Fargo FiNet, RIA Credent Add Advisors
In addition, Rothschild Wealth deals for a Chicago-area RIA, Apollon Wealth adds a $200M firm, and a Bluespring partner firm bulks up assets...
January 07, 2026 08:00 AM
Forbes 2026 Best-In-State Wealth Management Teams List
Discover Forbes' 2026 ranking of the best-in-state wealth management teams. Explore top-rated financial firms renowned for their expertise...
December 29, 2025 08:00 AM
Momentum into 2026: Mark Smith, Wells Fargo Advisors
Mark Smith, senior vice president and portfolio manager at Wells Fargo Advisors, says 2025's sector momentum—led by tech,...
October 21, 2025 07:00 AM
Wells Fargo Advisors' 2026 Comp Plan Boosts Pay for Multi-Gen Accounts
Wells Fargo Advisors has published the details of its 2026 compensation plan. “For the fifth year in a row, Wells Fargo Advisors is...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
WFA CyberSecurity History Information
Official Website of Wells Fargo Advisors
The official website of Wells Fargo Advisors is http://www.wellsfargoadvisors.com.
Wells Fargo Advisors’s AI-Generated Cybersecurity Score
According to Rankiteo, Wells Fargo Advisors’s AI-generated cybersecurity score is 770, reflecting their Fair security posture.
How many security badges does Wells Fargo Advisors’ have ?
According to Rankiteo, Wells Fargo Advisors currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Wells Fargo Advisors been affected by any supply chain cyber incidents ?
According to Rankiteo, Wells Fargo Advisors has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Wells Fargo Advisors have SOC 2 Type 1 certification ?
According to Rankiteo, Wells Fargo Advisors is not certified under SOC 2 Type 1.
Does Wells Fargo Advisors have SOC 2 Type 2 certification ?
According to Rankiteo, Wells Fargo Advisors does not hold a SOC 2 Type 2 certification.
Does Wells Fargo Advisors comply with GDPR ?
According to Rankiteo, Wells Fargo Advisors is not listed as GDPR compliant.
Does Wells Fargo Advisors have PCI DSS certification ?
According to Rankiteo, Wells Fargo Advisors does not currently maintain PCI DSS compliance.
Does Wells Fargo Advisors comply with HIPAA ?
According to Rankiteo, Wells Fargo Advisors is not compliant with HIPAA regulations.
Does Wells Fargo Advisors have ISO 27001 certification ?
According to Rankiteo,Wells Fargo Advisors is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Wells Fargo Advisors
Wells Fargo Advisors operates primarily in the Financial Services industry.
Number of Employees at Wells Fargo Advisors
Wells Fargo Advisors employs approximately 14,657 people worldwide.
Subsidiaries Owned by Wells Fargo Advisors
Wells Fargo Advisors presently has no subsidiaries across any sectors.
Wells Fargo Advisors’s LinkedIn Followers
Wells Fargo Advisors’s official LinkedIn profile has approximately 136,613 followers.
NAICS Classification of Wells Fargo Advisors
Wells Fargo Advisors is classified under the NAICS code 52, which corresponds to Finance and Insurance.
Wells Fargo Advisors’s Presence on Crunchbase
No, Wells Fargo Advisors does not have a profile on Crunchbase.
Wells Fargo Advisors’s Presence on LinkedIn
Yes, Wells Fargo Advisors maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/wells-fargo-advisors.
Cybersecurity Incidents Involving Wells Fargo Advisors
As of April 02, 2026, Rankiteo reports that Wells Fargo Advisors has experienced 5 cybersecurity incidents.
Number of Peer and Competitor Companies
Wells Fargo Advisors has an estimated 31,537 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Wells Fargo Advisors ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does Wells Fargo Advisors detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with reported to california office of the attorney general, and communication strategy with public disclosure via vermont attorney general, and third party assistance with socradar..
Incident Details
Can you provide details on each incident ?
Title: Wells Fargo Advisors Data Breach
Description: On September 26, 2017, the California Office of the Attorney General reported that Wells Fargo Advisors experienced a data breach on July 6, 2017, where client information was inadvertently provided to another law firm. The types of information compromised included client names, account numbers, and social security numbers, with the number of individuals affected being unknown.
Date Detected: 2017-07-06
Date Publicly Disclosed: 2017-09-26
Type: Data Breach
Attack Vector: Inadvertent Disclosure
Title: Wells Fargo Data Breach
Description: An employee emailed an encrypted file containing personal information to their personal email address.
Date Detected: 2022-05-05
Date Publicly Disclosed: 2022-05-05
Type: Data Breach
Attack Vector: Email
Vulnerability Exploited: Human Error
Threat Actor: Internal Employee
Title: KDW Automotive Data Breach via Wells Fargo Email Misdelivery
Description: The California Office of the Attorney General reported that Wells Fargo Bank, N.A. discovered a data breach involving KDW Automotive on November 6, 2019. The incident occurred when an email was mistakenly sent to another financial institution, potentially exposing personal information such as names and Social Security numbers of affected individuals.
Date Detected: 2019-11-06
Date Publicly Disclosed: 2020-04-20
Type: Data Breach (Unintentional Disclosure)
Attack Vector: Human Error (Email Misdelivery)
Title: Wells Fargo Data Breach via Former Employee (2022-2023)
Description: The Vermont Office of the Attorney General reported a data breach involving Wells Fargo Bank on September 19, 2024. The breach involved unauthorized access to customer personal information by a former employee between May 2022 and March 2023, although the specific number of affected individuals is unknown.
Date Publicly Disclosed: 2024-09-19
Type: Data Breach (Insider Threat)
Attack Vector: Unauthorized Access (Insider)
Threat Actor: Former Employee
Title: Operation DoppelBrand: Sophisticated Phishing Campaign Targets Fortune 500 Firms
Description: An elusive cyberthreat group known as GS7 has been running Operation DoppelBrand, a large-scale phishing campaign targeting Fortune 500 companies, financial institutions, and high-value entities worldwide. The operation leverages near-perfect replicas of corporate login portals to steal credentials and deploy remote management and monitoring (RMM) tools for further exploitation.
Date Detected: 2025-12-01
Date Publicly Disclosed: 2026-01-01
Type: Phishing Campaign
Attack Vector: Malicious domains, credential harvesting, RMM tools
Vulnerability Exploited: Social engineering, lack of multi-factor authentication
Threat Actor: GS7
Motivation: Financial gain, data theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing portals.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach WEL659072525
Data Compromised: Client names, Account numbers, Social security numbers
Incident : Data Breach WEL539072925
Data Compromised: Names, Addresses, Phone numbers, Email addresses, Dates of birth, Social security numbers
Incident : Data Breach (Unintentional Disclosure) WEL1014090725
Data Compromised: Names, Social security numbers
Brand Reputation Impact: Potential (due to exposure of sensitive personal data)
Identity Theft Risk: High (due to exposure of SSNs)
Incident : Data Breach (Insider Threat) WEL033091825
Data Compromised: Customer Personal Information
Identity Theft Risk: Potential (PII exposed)
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Data Compromised: Usernames, passwords, IP addresses, geolocation, device fingerprints, timestamps
Systems Affected: Corporate login portals, victim systems with RMM tools installed
Operational Impact: Remote access or malware deployment on victim systems
Identity Theft Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Client Names, Account Numbers, Social Security Numbers, , Names, Addresses, Phone Numbers, Email Addresses, Dates Of Birth, Social Security Numbers, , Personally Identifiable Information (Pii), , Personal Information, Credentials, device fingerprints, geolocation and timestamps.
Which entities were affected by each incident ?
Incident : Data Breach WEL659072525
Entity Name: Wells Fargo Advisors
Entity Type: Financial Services
Industry: Finance
Location: California
Incident : Data Breach WEL539072925
Entity Name: Wells Fargo Bank, N.A.
Entity Type: Financial Institution
Industry: Banking
Location: California
Incident : Data Breach (Unintentional Disclosure) WEL1014090725
Entity Name: KDW Automotive
Entity Type: Business (Automotive)
Industry: Automotive
Incident : Data Breach (Unintentional Disclosure) WEL1014090725
Entity Name: Wells Fargo Bank, N.A.
Entity Type: Financial Institution
Industry: Banking/Financial Services
Location: California, USA
Incident : Data Breach (Insider Threat) WEL033091825
Entity Name: Wells Fargo Bank
Entity Type: Financial Institution
Industry: Banking/Financial Services
Location: United States
Customers Affected: Unknown
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Entity Name: Wells Fargo
Entity Type: Financial Institution
Industry: Banking
Location: U.S.
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Entity Name: USAA
Entity Type: Financial Institution
Industry: Banking
Location: U.S.
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Entity Name: Navy Federal Credit Union
Entity Type: Financial Institution
Industry: Banking
Location: U.S.
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Entity Name: Fidelity Investments
Entity Type: Financial Institution
Industry: Investment
Location: U.S.
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Entity Name: Citibank
Entity Type: Financial Institution
Industry: Banking
Location: U.S.
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Entity Type: Technology Firms
Industry: Technology
Location: Europe, other regions
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Entity Type: Healthcare Firms
Industry: Healthcare
Location: Europe, other regions
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Entity Type: Telecommunications Firms
Industry: Telecommunications
Location: Europe, other regions
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach (Unintentional Disclosure) WEL1014090725
Communication Strategy: Reported to California Office of the Attorney General
Incident : Data Breach (Insider Threat) WEL033091825
Communication Strategy: Public Disclosure via Vermont Attorney General
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Third Party Assistance: SOCRadar
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through SOCRadar.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach WEL659072525
Type of Data Compromised: Client names, Account numbers, Social security numbers
Sensitivity of Data: High
Incident : Data Breach WEL539072925
Type of Data Compromised: Names, Addresses, Phone numbers, Email addresses, Dates of birth, Social security numbers
Sensitivity of Data: High
Data Encryption: Yes
Personally Identifiable Information: Yes
Incident : Data Breach (Unintentional Disclosure) WEL1014090725
Type of Data Compromised: Personally identifiable information (pii)
Sensitivity of Data: High (includes Social Security Numbers)
Data Exfiltration: No (unintentional disclosure via email)
Personally Identifiable Information: NamesSocial Security Numbers
Incident : Data Breach (Insider Threat) WEL033091825
Type of Data Compromised: Personal Information
Number of Records Exposed: Unknown
Sensitivity of Data: High (PII)
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Type of Data Compromised: Credentials, device fingerprints, geolocation, timestamps
Sensitivity of Data: High
Data Exfiltration: Yes, to Telegram bots
Personally Identifiable Information: Usernames, passwords, IP addresses, device fingerprints
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach (Unintentional Disclosure) WEL1014090725
Regulations Violated: Potential violation of California data breach notification laws (e.g., CCPA),
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach (Insider Threat) WEL033091825
Regulatory Notifications: Vermont Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach WEL659072525
Source: California Office of the Attorney General
Date Accessed: 2017-09-26
Incident : Data Breach WEL539072925
Source: California Office of the Attorney General
Date Accessed: 2022-05-05
Incident : Data Breach (Unintentional Disclosure) WEL1014090725
Source: California Office of the Attorney General
Date Accessed: 2020-04-20
Incident : Data Breach (Insider Threat) WEL033091825
Source: Vermont Office of the Attorney General
Date Accessed: 2024-09-19
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Source: SOCRadar
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2017-09-26, and Source: California Office of the Attorney GeneralDate Accessed: 2022-05-05, and Source: California Office of the Attorney GeneralDate Accessed: 2020-04-20, and Source: Vermont Office of the Attorney GeneralDate Accessed: 2024-09-19, and Source: SOCRadar.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Reported to California Office of the Attorney General and Public Disclosure via Vermont Attorney General.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach (Insider Threat) WEL033091825
Reconnaissance Period: May 2022 – March 2023
High Value Targets: Customer Personal Information
Data Sold on Dark Web: Customer Personal Information
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Entry Point: Phishing portals
Backdoors Established: RMM tools
High Value Targets: Fortune 500 companies, financial institutions
Data Sold on Dark Web: Fortune 500 companies, financial institutions
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach WEL539072925
Root Causes: Human Error
Incident : Data Breach (Unintentional Disclosure) WEL1014090725
Root Causes: Human error (email sent to incorrect recipient)
Incident : Phishing Campaign CITWELNAVUSAFID1771266975
Root Causes: Lack of multi-factor authentication, social engineering
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as SOCRadar.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Internal Employee, Former Employee and GS7.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2017-07-06.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2026-01-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were client names, account numbers, social security numbers, , Names, Addresses, Phone Numbers, Email Addresses, Dates of Birth, Social Security Numbers, , Names, Social Security Numbers, , Customer Personal Information, Usernames, passwords, IP addresses, geolocation, device fingerprints and timestamps.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was SOCRadar.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Addresses, Social Security Numbers, social security numbers, Phone Numbers, account numbers, Usernames, passwords, IP addresses, geolocation, device fingerprints, timestamps, Customer Personal Information, Email Addresses, client names, Names and Dates of Birth.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Vermont Office of the Attorney General, SOCRadar and California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Phishing portals.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was May 2022 – March 2023.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Human Error, Human error (email sent to incorrect recipient), Lack of multi-factor authentication, social engineering.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=wells-fargo-advisors' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
