Close Close
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
ThinkAdvisor
The rear view of a person in a hoodie, working on a computer.

Regulation and Compliance > Cybersecurity

TD Ameritrade Sued Again Over MOVEit Data Breach

X
Your article was successfully shared with the contacts you provided.

What You Need to Know

  • This is at least the third lawsuit against TD Ameritrade related to the hack of Progress Software's file transfer system.
  • The brokerage was negligent in choosing to use the MOVEit software despite security vulnerabilities, the plaintiff argues.
  • The hack affected hundreds of companies and tens of millions of consumers worldwide.

A new civil lawsuit stemming from the massive MOVEit Transfer data breach alleges TD Ameritrade failed to properly safeguard consumers’ personally identifiable information, including names, Social Security numbers, financial account details and other data.

The putative class-action suit, filed Thursday in U.S. District Court in Massachusetts, seeks damages and injunctive relief from the Charles Schwab-owned brokerage and from Progress Software, which owns MOVEit.

In late May, a Russian ransomware gang exploited a weakness in MOVEit, which many organizations use to transfer files containing sensitive data.

The hack affected hundreds of companies, including numerous financial services firms, and tens of millions of consumers worldwide, spurring scores of lawsuits. This is at least the third against TD Ameritrade.

The breach allowed third-party cybercriminals to obtain consumers’ private information, including that of plaintiff Lisa Bunner Kurtz, according to the lawsuit, which alleges TD Ameritrade was negligent in choosing to use Progress’ MOVEit despite security vulnerabilities in the software.

“The harm to plaintiff cannot be undone,” the complaint says. Kurtz, an Illinois resident, and other class members “now face a present and ongoing substantial risk of fraud and identity theft.”

Among other allegations, the suit says the identity theft “has materialized and is imminent” and that Kurtz and the proposed class “have all sustained actual injuries and damages,” including invasion of privacy, costs incurred in mitigating risks and actual identity theft, loss of time and productivity, and diminished value of their personal information.

TD Ameritrade and Massachusetts-based Progress continue to control the class members’ personally identifying information, and to Kurtz’s knowledge they haven’t announced any changes to their data or security practices relating to that information, the complaint says.

In addition to negligence and unjust enrichment claims against both defendants, the plaintiff alleges Progress breached third-party beneficiary contracts.

The complaint asks the court to require TD Ameritrade and Progress Software to take various steps to secure consumer data and improve their cybersecurity.

“Allegations aren’t facts. Our focus is on protecting our clients and our clients’ data. We do that by not only standing by them in such matters but by thoroughly investigating any incident that may affect them,” a TD Ameritrade spokesperson told ThinkAdvisor by email Friday.

A spokesperson for MOVEit provided ThinkAdvisor with this statement Friday: “We do not comment on pending litigation as our focus remains on working closely with customers so they can take the steps needed to further harden their environments, including applying the patches we have developed.”

Image: Shutterstock


NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.