Cybersecurity Risks for Private Clients: Raw Insights from the Frontlines

David Riedl

Share this post

Sep 20, 2022

For years now, I’ve worked closely with clients and their family members, family office heads and support teams to enhance their cybersecurity protection against malicious actors. I also get the panicked late-night calls when breaches occur. While many of these incidents can be addressed quickly with minimal harm to the individual, family or office, some are very serious.

A routine day for me and my team may be one of the worst days of a client’s life. Devastating personal information leaks. Stolen passwords and identity theft. Blackmail, extortion and sextortion. And deep, long-term infiltration, monitoring and manipulation of their identity, finances and lives.

Based on my direct experience, the cybersecurity risks confronting individuals of wealth, prominence, power and celebrity are much higher than those impacting most of us. If you consider yourselves in these categories, or support and advise others who do, take a few minutes and keep reading. I hope that the details below will incentivize you to make cybersecurity a clear and commanding priority.

Scenario #1: A Blockbuster Celebrity is Sextorted

In 2020, an international celebrity received a phone call from a representative at the company he used for residential tech support. Or, rather, he thought that’s who was on the other end of the line. “Sir, we’ve found some viruses on your computer,” the individual said. “We need your permission to access the network and clean it up.” The star authorized them to release information to help them access his computer.

Over the next hour, the “representative” made a series of calls informing the star of more viruses and issues. Eventually, he informed the celebrity he had discovered child-harm material on his computer. Understandably, the man was shaken. He turned on his computer and found that someone had placed heinous content on his hard drive without his knowledge. He was willing to do anything to control the problem and told the representative as much. Shortly after that, the star received a demand for a very large bitcoin payment to prevent the release of the child-harm material to the media.

At this point, the star realized he needed more help than the tech company could provide, so he contacted Jensen Hughes. We discovered that the tech company didn’t employ the representative who initially contacted him. In fact, the tech company didn’t even exist as a legitimate business, despite having a web presence. He had been working with a group of hackers from the beginning. We immediately deleted the child-harm material and wiped his system clean.

We informed the U.S. Secret Service, as we do regularly in cases like these. While the agency’s cybersecurity specialists addressed the “backend,” I worked on the “front end” to continue resolving the issues directly on the star’s computer. The Secret Service identified the money mule in the United States and arrested him. Two years later, the Secret Service is still monitoring the situation and gathering information on the extent of the hackers’ attacks.

Although we resolved the issue, the psychological effects remained with the star. For a while, he was averse to using technology and began to encounter work-related issues as a result. We worked with him on strategies to further secure his online presence, alleviate his fears, and allow him to resume his lifestyle and career.

Scenario #2: A Well-Known Actor’s Monthlong Battle to Protect Himself

While flying over Central America, a well-known actor received an unexpected confirmation notice on his phone of a $200,000 transfer out of his bank account to an unknown party. When he landed, he called Jensen Hughes to help resolve the issue.

We eventually discovered that the hackers had compromised the AOL email account he was using. They figured out his password based on information available on his IMDb page. The actor had a wealth of sensitive information in his inbox, including his passport information, driver’s license number, financial account numbers and credit card numbers.

They downloaded the information and quietly monitored his email for weeks until they saw his away message go up: “I will be out of the country without access to email for four days.” They knew exactly when he would be in the air and struck at the moment he was most vulnerable. They were able to compromise his financial accounts, transfer money and take out several lines of credit in a matter of minutes. By the time he was on the ground and in a position to rectify the situation, he was completely compromised and locked out of his accounts.

We froze his accounts and credit to minimize his risk. We changed his passwords and worked to understand how this happened, how the hackers got so much personal information and how to make him safe going forward. While we were at his house putting these safeguards in place, the actor received a phone call from the auto specialist facility where he stored several vehicles worth nearly a million dollars. They confirmed that his cars “were on the trailer for shipment, per his request.” We alerted the local police who responded to the dealership and prevented the loss.

The hackers continued to attack the actor. They contacted AOL and convinced customer service that they were the legitimate user and needed to change their password. We locked them out. They got back in. We locked them out. When they realized they had exhausted their options, they sold the actor’s information on the dark web and it started all over again.

The new purchasers started a round of sextortion. They impersonated the actor on his social media accounts, chatted with underage girls and demanded payments to “make the problem go away.”

They impersonated vendors and used old invoices to overwhelm the actor’s assistants and socially engineer them to release additional information.

Over many weeks, we worked closely with the actor and his advisers to mitigate his risks, address his vulnerabilities, and position him better to protect his information and reputation in the future.

Attacks Can Be Serious: Make Cybersecurity a High Priority

It’s easy to defer the low-level maintenance or administrative tasks associated with “digital hygiene.” Don’t do it. The risks are real. The consequences can be much worse than you realize, especially if your assets, publicity or position make you a high-value target.

Jensen Hughes’ Private Client Family Office (PCFO) division has advised some of the most prominent, wealthiest and most private families in the world. Learn more about how we can help protect you and your family’s private financial, business, and personal information and reputation.