Learn how Personal Capital Protects its Financial Assets and Customer Data

Download Case Study

Personal Capital is a leading hybrid digital wealth management company with more than $9 billion assets under management, 20,000 investment clients in all 50 states, and more than 2 million using it’s free financial planning tools.

As a customer-centric wealth management company, Personal Capital understood it was a legitimate target for cyber attacks, and needed to have best-in-class security to protect its users and clients’ money and data.

Personal Capital turned to Bugcrowd to manage its vulnerability disclosure and bug bounty programs.


  • Financial services firms fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries.
  • Professional services would find a significant number of findings that were false positives and not reproducible.
  • They’d run a scan and send the results to engineering with little visibility on the quality of results or instructions on how to remediate.
  • The team wasted hours trying to parse through bad data.

Solution with Bugcrowd:

  • Personal Capital launched a managed vulnerability disclosure program with Bugcrowd.
  • After seeing immediate success, Personal Capital evolved the program to include a private bug bounty with a goal of taking the program public.
  • Personal Capital launched its public bug bounty program public in June 2019.

Program Results

  • The continuous testing from the Crowd provides the Personal Capital team with valuable vulnerability findings at scale.
  • Crowdcontrol helps Personal Capital manage their programs from start to finish.
  • Personal Capital was able to successfully integrate crowdsourced security into an ongoing and holistic security program using the most innovative technology and creative thinking available.


Bugcrowd has helped us trend toward better security posture and close issues of varying degrees of severity. Due to the success of the program, we’ve been able to increase the credibility of the security team internally with engineering and infrastructure teams. That camaraderie is invaluable
Maxime Rousseau Chief Information Security Officer

Program Facts

Use Case
Better Security for Financial Assets and Customer Data
Program Type
Bug Bounty & VDP

Empower your security team with a Crowd of white hat hackers to find vulnerabilities in your code before the bad guys do.