A new civil lawsuit stemming from the massive MOVEit Transfer data breach alleges TD Ameritrade failed to properly safeguard consumers' personally identifiable information, including names, Social Security numbers, financial account details and other data.
The putative class-action suit, filed Thursday in U.S. District Court in Massachusetts, seeks damages and injunctive relief from the Charles Schwab-owned brokerage and from Progress Software, which owns MOVEit.
In late May, a Russian ransomware gang exploited a weakness in MOVEit, which many organizations use to transfer files containing sensitive data.
The hack affected hundreds of companies, including numerous financial services firms, and tens of millions of consumers worldwide, spurring scores of lawsuits. This is at least the third against TD Ameritrade.
The breach allowed third-party cybercriminals to obtain consumers' private information, including that of plaintiff Lisa Bunner Kurtz, according to the lawsuit, which alleges TD Ameritrade was negligent in choosing to use Progress' MOVEit despite security vulnerabilities in the software.
"The harm to plaintiff cannot be undone," the complaint says. Kurtz, an Illinois resident, and other class members "now face a present and ongoing substantial risk of fraud and identity theft."
Among other allegations, the suit says the identity theft "has materialized and is imminent" and that Kurtz and the proposed class "have all sustained actual injuries and damages," including invasion of privacy, costs incurred in mitigating risks and actual identity theft, loss of time and productivity, and diminished value of their personal information.
