Schwab, TD sued for failing to protect customer data from MOVEit hack

investmentnews.com:

A class-action lawsuit filed in Nebraska federal court accuses TD Ameritrade and parent company Charles Schwab of neglecting their responsibilities to protect customer data.

In July, hackers exploited a vulnerability in MOVEit, a file-transfer system, to access sensitive information — including Social Security numbers, financial account information, dates of birth and other government identification numbers — of 61,000 TD Ameritrade customers, according to court documents. Both companies are accused of negligence, unjust enrichment and breach of implied contract, according to Bloomberg Law, which first reported the lawsuit.

MOVEit was widely used by businesses and government agencies. Since the attack began in June, more than 600 organizations around the world have been breached, exposing the data of nearly 40 million people, according to Reuters.  More than a dozen companies have been hit with class actions in response, Bloomberg reported, including Schwab rival Fidelity.

Schwab disclosed in July that it had detected a data breach and that client data was impacted. However, the company said less than 0.5% of its clients have been affected.

The company did not respond to a request for additional comment.

The lawsuit, which was filed by plaintiff Keren Jeanfort on behalf of all impacted individuals, claims Schwab and TD knowingly failed to implement and maintain reasonable measures to safeguard the data and prevent unauthorized access. As a result, Jeanfort has an increased risk of suffering from financial fraud or identify theft.

“By obtaining, collecting, using and directing a benefit from the PII of Plaintiff and Class Members, Defendants assumed legal and equitable duties to those individuals to protect and safeguard