Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor
A Charles Schwab location in New York

Regulation and Compliance > Cybersecurity

MOVEit Breach Put Data of 61,000 TD Ameritrade Clients at Risk

By Jeff Berman

X
Your article was successfully shared with the contacts you provided.

What You Need to Know

  • TD Ameritrade is one of hundreds of companies and government agencies affected by a cyberattack on a third-party file transfer system.
  • Client data compromised in the hack included names and Social Security numbers, the firm says.
  • Schwab reported in July that it had halted use of the MOVEit system and was working with law enforcement.

The personal data of more than 61,000 TD Ameritrade clients was exposed to hackers who breached an outside file transfer system, Progress Software’s MOVEit, according to an Aug. 3 Notice of Data Breach that the Charles Schwab-owned firm, which uses the software, sent to clients.

The breach was part of a broad criminal hacking operation related to a vulnerability in the MOVEit transfer software. The hacking operation has hit hundreds of companies and government agencies globally.

In the notice, TD Ameritrade outlined what occurred, the steps it’s taken to protect client information, and additional steps clients can take to ensure their information is further protected.

On May 30, the firm “became aware of a security incident involving MOVEit Transfer, a software application historically used by TD Ameritrade … to share files,” it said in the letter.

“Since learning of the incident, we have conducted a thorough investigation and determined that, between May 28, 2023, and May 30, 2023, unauthorized individuals accessed a TD Ameritrade application of the MOVEit Transfer software and stole data.”

TD Ameritrade said in its letter: “No other TD Ameritrade or Schwab systems or data were impacted, and all systems are operating normally. The results of our investigation have indicated that some of your personal information was included in the incident.”

The affected information included client names and Social Security numbers, and “also may have included one or more of the following: financial account information, date of birth, government identification numbers, or other personal identifiers,” according to the firm.

“No other TD Ameritrade systems or data were impacted, and all systems are operating normally,” a Schwab spokesperson told ThinkAdvisor on Wednesday. “The incident did not impact Schwab’s business operations or other systems. We will provide more updates to clients and will communicate with them directly, as appropriate.”

Schwab’s July 7 Notice

On July 7, Schwab posted a notice that TD Ameritrade had “limited use” of the MOVEit Transfer software application hit by hackers and that some client data was affected.

TD Ameritrade has “taken immediate action by containing the threat and halting any use of MOVEit Transfer,” that notice said. “We have also alerted and are working with law enforcement.

“The incident affected some client data. However, we believe less than 0.5% of clients may have been affected,” Schwab stated in the notice.

There is now less than one month to go before TD Ameritrade advisors and their clients’ accounts are scheduled to move to the Charles Schwab platform.

Schwab has been moving accounts in groups since February. The transition to the Schwab platform scheduled for Labor Day Weekend, Sept. 2-5, represents the last major step to integrate the two companies as part of Schwab’s $22 billion acquisition of TD Ameritrade that closed in October 2020.

Credit: Bloomberg

For a list of life insurance and retirement-related organizations affected by the MOVEit breach, as of Aug. 21, 2023, see MOVEit Hack Hit These Life, Annuity and Retirement Firms.

Jeff Berman

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.