Schwab, TD sued for failing to protect customer data from MOVEit hack

A class-action lawsuit filed in Nebraska federal court accuses TD Ameritrade and parent company Charles Schwab of neglecting their responsibilities to protect customer data.

In July, hackers exploited a vulnerability in MOVEit, a file-transfer system, to access sensitive information including Social Security numbers, financial account information, dates of birth and other government identification numbers of 61,000 TD Ameritrade customers, according to court documents. Both companies are accused of negligence, unjust enrichment and breach of implied contract, according to Bloomberg Law, which first reported the lawsuit.

MOVEit was widely used by businesses and government agencies. Since the attack began in June, more than 600 organizations around the world have been breached, exposing the data of nearly 40 million people, according to Reuters.  More than a dozen companies have been hit with class actions in response, Bloomberg reported, including Schwab rival Fidelity.

Schwab disclosed in July that it had detected a data breach and that client data was impacted. However, the company said less than 0.5% of its clients have been affected.

“Generic and conclusory allegations are often devoid of accuracy and context,” a spokesperson for Schwab said in an email. “Our focus is protecting our clients.We do that by not only standing by them in such matters but by thoroughly investigating any incident that may affect them. Our notification practices are consistent with our mission to see the world through our clients eyes and are in keeping with our regulatory obligations.”

The lawsuit, which was filed by plaintiff Keren Jeanfort on behalf of all impacted individuals, claims Schwab and TD knowingly failed to implement and maintain reasonable measures to safeguard the data and prevent unauthorized access. As a result, Jeanfort has an increased risk of suffering from financial fraud or identify theft.

By obtaining, collecting, using and directing a benefit from the PII of Plaintiff and Class Members, Defendants assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion, the complaint states. Defendants conduct in breaching these duties amounts to negligence and/or recklessness and violates federal and state statutes.

Jeanfort is being represented by law firm Wagstaff & Cartmell.

[More: Finra warns brokerages to pay attention to rising cybersecurity threats]