Charles Schwab announces TD Ameritrade data breach

Charles Schwab announces TD Ameritrade data breach
Tens of thousands of clients could have been affected by huge attack resulting from vulnerabilities found in MOVEit file transfer software.
JUL 14, 2023

Charles Schwab Corp., the parent company of TD Ameritrade, Inc., has disclosed that it is just the latest company to suffer a data breach resulting from vulnerabilities found in MOVEit file transfer software. While the company claims that the computer systems of both companies remains unharmed, customer data stored on Ameritrade's MOVEit server was compromised.

The incident is currently under investigation by both Schwab and Ameritrade, with a thorough analysis expected to be completed soon. Upon conclusion, Schwab says, affected customers will be notified.

This data breach holds significant implications, as it contributes to one of the largest breaches of 2023, affecting millions of Americans. The compromised information puts individuals at an increased risk of identity theft and other fraudulent activities. It is crucial for customers who receive a data breach notification from TD Ameritrade or Charles Schwab to understand the potential risks and take appropriate measures.

The cause of the breach stems from vulnerabilities discovered in the MOVEit software, which TD Ameritrade used on a limited basis. The incident came to light after the software's developers detected a zero-day vulnerability.

Promptly responding to the potential security breach, TD Ameritrade ceased using MOVEit and promptly informed law enforcement. Simultaneously, an investigation was initiated to determine the scope of the breach and the specific client data that may have been exposed. Although this investigation remains ongoing, Schwab estimates that approximately 0.5% of Ameritrade's clients may have been affected. That could mean up to 55,000 clients have been affected.

In a release, Schwab emphasized its commitment to providing regular updates to clients as new information emerges, ensuring direct communication with affected individuals. It is anticipated that one of the two companies will issue data breach letters to impacted customers in the near future.

The MOVEit hack has already claimed some big scalps — the biggest U.S. pension fund, Calpers, and Genworth Financial have both said that clients personal information has been compromised.

Some of the companies that have been affected by the MOVEit hack already:
1st Source Bank
First Merchants Bank
Deutsche Bank
ING
Commerzbank
TD Ameritrade
Shell PLC
British Airways
Radisson Hotels
Jones Lang LaSalle
UofL Health
Tom Tom
U of Colorado

Russian-based group Cl0p, which who claimed responsibility for the attack, has already published Shell’s data to the dark web after the company failed to pay a ransom — there is no indication yet what fate awaits TD Ameritrade.

Latest News

IRA assets swell to $19.2 trillion as 401(k) rollovers drive growth
IRA assets swell to $19.2 trillion as 401(k) rollovers drive growth

IRAs now hold nearly twice the assets of 401(k) plans — and most of that money didn't arrive through annual contributions.

Women feel confident about saving, but many still keep cash in low-yield accounts
Women feel confident about saving, but many still keep cash in low-yield accounts

A new survey finds that many women prioritize financial security but continue to leave savings in accounts that may not keep pace with inflation.

SEC seeks comment on prediction-market ETFs after May pause
SEC seeks comment on prediction-market ETFs after May pause

Roundhill, Bitwise and GraniteShares funds remain on hold while the agency weighs how novel ETFs should be regulated.

Dump investment banks, buy alternative asset managers, says Oppenheimer
Dump investment banks, buy alternative asset managers, says Oppenheimer

"Shares of alternative assets managers have lagged this year as investors grow wary of private-credit exposure."

TaxStatus rolls out rules-based tool to flag advice gaps
TaxStatus rolls out rules-based tool to flag advice gaps

The fintech platform is touting a new AI-free Planning Observations feature, which draws on IRS tax records to uncover opportunities for advisors.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.