The personal data of more than 61,000 TD Ameritrade clients was exposed to hackers who breached an outside file transfer system, Progress Software's MOVEit, according to an Aug. 3 Notice of Data Breach that the Charles Schwab-owned firm, which uses the software, sent to clients.
The breach was part of a broad criminal hacking operation related to a vulnerability in the MOVEit transfer software. The hacking operation has hit hundreds of companies and government agencies globally.
In the notice, TD Ameritrade outlined what occurred, the steps it's taken to protect client information, and additional steps clients can take to ensure their information is further protected.
On May 30, the firm "became aware of a security incident involving MOVEit Transfer, a software application historically used by TD Ameritrade … to share files," it said in the letter.
"Since learning of the incident, we have conducted a thorough investigation and determined that, between May 28, 2023, and May 30, 2023, unauthorized individuals accessed a TD Ameritrade application of the MOVEit Transfer software and stole data."
TD Ameritrade said in its letter: "No other TD Ameritrade or Schwab systems or data were impacted, and all systems are operating normally. The results of our investigation have indicated that some of your personal information was included in the incident."
The affected information included client names and Social Security numbers, and "also may have included one or more of the following: financial account information, date of birth, government identification numbers, or other personal identifiers," according to the firm.
"No other TD Ameritrade systems or data were impacted, and all systems are operating normally," a Schwab spokesperson told ThinkAdvisor on Wednesday. "The incident did not impact Schwab's business operations or other systems. We will provide more updates to clients and will communicate with them directly, as appropriate."