What You Need to Know
- This is the second class-action filed against TD Ameritrade; the first was filed against Charles Schwab and TD.
- The plaintiff and the proposed class have already all suffered injury via fraudulent credit card charges and identity theft, the suit states.
- The suit maintains that for the rest of their lives, the plaintiffs will be at risk of identity theft.
TD Ameritrade was hit Monday with a class-action lawsuit for a data breach related to the ongoing cyberattack exploiting the MOVEit file-transfer software.
The suit, filed in the U.S. District Court for the District of Nebraska, states that the plaintiff Fortuno Jeanfort, along with the proposed class members, have already “all suffered injury” via fraudulent credit card charges and identity theft as a result of TD Ameritrade’s “negligent conduct” in not protecting their personally identifiable information.
On Aug. 24, TD Ameritrade, along with Charles Schwab, was sued in another class action filed in Nebraska related to the MOVEit hack.
The class-action suit against Schwab and TD comes as there’s less than a week to go before TD Ameritrade advisors and their clients’ accounts are scheduled to move to the Charles Schwab platform.
A number of class-action lawsuits have already been filed in relation to the breach, including one filed earlier this month against TIAA.
See: The MOVEit Hack Has Hit These Financial Firms So Far
TD Suit Details
According to the suit against TD Ameritrade, between May 28, 2023, and May 30, 2023, an unknown actor gained access to TD Ameritrade’s files that were saved on its MOVEit file transfer server.
As a result, “Plaintiff and the Class Members have had their personal identifiable information exposed,” the lawsuit states. It is believed that the well-known Russian cybergang, CL0P is the source of the attack, the suit states.
At least 734 organizations have reported MOVEit-related breaches, according to KonBriefing Research. Those reports have affected at least about 43 million people.
TD Ameritrade “betrayed the trust of Plaintiff and the other Class Members by failing to properly safeguard and protect their personal identifiable information and thereby enabling cybercriminals to steal such valuable and sensitive information,” the suit states.
On or around May 30, 2023, TD Ameritrade “claims they became aware that its MOVEit system had been breached,” according to the suit, adding that the breach exposed names, Social Security numbers, financial account information, dates of birth, government identification numbers and other personal identifiers.