6/15/2022

    DECEMBER 2021 LOG4J SECURITY BREACH

    BFG CLIENTS WERE NOT AFFECTED, BUT WE HAVE PROACTIVELY IMPLEMENTED SYSTEM CHANGES MOVING FORWARD


    Log4J, a widely used library of code templates used for logging and troubleshooting, has a critical vulnerability that was publicly disclosed on Friday, December 9, 2021. In other words, a security flaw was discovered and reported so that it could be addressed before potentially being attacked and exploited by a cybersecurity adversary. Commonwealth Financial Network, BFG’s securities and advisory umbrella, has since validated that their clients as well as their advisors and their clients have not been affected by the vulnerability.

     

    Commonwealth is proactively following government and expert recommendations to ensure that our environment remains secure. In addition to the many ways in which they support BFG, Commonwealth is a key partner of ours for this precise reason. Though we take extreme precautions and work behind the scenes to provide the utmost protection for our clients’ information, there are no public-facing systems in the world today that are completely immune to cybersecurity threats like these, so we count on our partners like Commonwealth to help guard against these potential hazards.

    WHAT HAPPENED ON DECEMBER 9TH?
    A critical security flaw in the popular library, Log4J, was publicly disclosed. This flaw had a major global impact across the entire technology ecosystem as many organizations, technologies, solutions, web applications, and third parties use this capability. This vulnerability had not previously been identified or considered severe. If the vulnerability had been exploited, a cybersecurity adversary could run malicious code that would have allowed them to take control of a system.

     

    IS MY DATA SECURE?
    Yes. Commonwealth’s InfoSec and Infrastructure teams worked diligently once they were made aware of the potential incident on Friday morning. The teams ran vulnerability scans across our network and infrastructure to determine if Commonwealth or its partners were affected, and no impacts have been identified to date.

     

    WHAT STEPS ARE BEING TAKEN TO ADDRESS THE INCIDENT AND AVOID FUTURE ATTACKS?
    Commonwealth is actively engaging with their security partners and internal teams to ensure that the company’s environment is not vulnerable and that the systems are not compromised. Their teams are working around the clock to conduct infrastructure scans and collect indicators of compromise to confirm that proper prevention capabilities are in place.

    Enhancements to Commonwealth’s InfoSec program will continue to improve internal capabilities, providing greater protection for the Commonwealth network and their advisors. The implementation of several new capabilities will contribute to the continued security and protection of Commonwealth employees and advisors, including an advanced endpoint detection and response solution, a revamped incident response plan, enhanced security due diligence, improved network monitoring, and a faster Cyber Threat Intelligence program.

    Additionally, BFG is in the process of implementing further precautionary steps within our internal and external processes, including, for example, the way in which our staff log into our network. The extra few steps we will take both in the office and remotely will create another layer of protection for our clients.

     

    IS THERE ANY ACTION REQUIRED ON MY END?

    No. We are sharing this incident for transparency purposes. We want to provide you peace of mind that we have teams and partners in the background who are constantly monitoring for specific threats and issues like these. Unfortunately, this will not be the last threat of its kind. However, we are confident that along with our ever-improving security measures, our key partners are equipped to quickly assess issues moving forward as they have in the past and determine what steps need to be taken.

     

    FOR MORE INFORMATION

    We will continue to monitor this situation and release updates. If you have any questions, please contact our HR team at 210–775–6082, toll-free at 1–888–757–2104, or [email protected]

     

     
