MOVEit Breach Put Data of 61,000 TD Ameritrade Clients at Risk

News August 09, 2023 at 02:08 PM
Share & Print

The personal data of more than 61,000 TD Ameritrade clients was exposed to hackers who breached an outside file transfer system, Progress Software's MOVEit, according to an Aug. 3 Notice of Data Breach that the Charles Schwab-owned firm, which uses the software, sent to clients.

The breach was part of a broad criminal hacking operation related to a vulnerability in the MOVEit transfer software. The hacking operation has hit hundreds of companies and government agencies globally.

In the notice, TD Ameritrade outlined what occurred, the steps it's taken to protect client information, and additional steps clients can take to ensure their information is further protected.

On May 30, the firm "became aware of a security incident involving MOVEit Transfer, a software application historically used by TD Ameritrade … to share files," it said in the letter.

"Since learning of the incident, we have conducted a thorough investigation and determined that, between May 28, 2023, and May 30, 2023, unauthorized individuals accessed a TD Ameritrade application of the MOVEit Transfer software and stole data."

TD Ameritrade said in its letter: "No other TD Ameritrade or Schwab systems or data were impacted, and all systems are operating normally. The results of our investigation have indicated that some of your personal information was included in the incident."

The affected information included client names and Social Security numbers, and "also may have included one or more of the following: financial account information, date of birth, government identification numbers, or other personal identifiers," according to the firm.

"No other TD Ameritrade systems or data were impacted, and all systems are operating normally," a Schwab spokesperson told ThinkAdvisor on Wednesday. "The incident did not impact Schwab's business operations or other systems. We will provide more updates to clients and will communicate with them directly, as appropriate."

Schwab's July 7 Notice

On July 7, Schwab posted a notice that TD Ameritrade had "limited use" of the MOVEit Transfer software application hit by hackers and that some client data was affected.

TD Ameritrade has "taken immediate action by containing the threat and halting any use of MOVEit Transfer," that notice said. "We have also alerted and are working with law enforcement.

"The incident affected some client data. However, we believe less than 0.5% of clients may have been affected," Schwab stated in the notice.

There is now less than one month to go before TD Ameritrade advisors and their clients' accounts are scheduled to move to the Charles Schwab platform.

Schwab has been moving accounts in groups since February. The transition to the Schwab platform scheduled for Labor Day Weekend, Sept. 2-5, represents the last major step to integrate the two companies as part of Schwab's $22 billion acquisition of TD Ameritrade that closed in October 2020.

Credit: Bloomberg

For a list of life insurance and retirement-related organizations affected by the MOVEit breach, as of Aug. 21, 2023, see MOVEit Hack Hit These Life, Annuity and Retirement Firms.

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Resource Center