TD Ameritrade Hit With Class-Action Suit Over MOVEit Hack

Around August of 2023, TD Ameritrade began notifying class members of the data breach. TD Ameritrade began sending “undated notices of the Data Breach,” which included an admission “that an unauthorized actor accessed sensitive personal information about Plaintiff and Class Members,” according to the suit.

“The details of the root cause of the Data Breach, the vulnerabilities exploited, and the remedial measures undertaken to ensure a breach does not occur again have not been shared with regulators or Plaintiff and Class Members, who retain a vested interest in ensuring that their information remains protected,” the suit claims.

In a statement shared with ThinkAdvisor, TD Ameritrade said that “Generic and conclusory allegations are often devoid of accuracy and context. Our focus is protecting our clients. We do that by not only standing by them in such matters but by thoroughly investigating any incident that may affect them. Our notification practices are consistent with our mission to see the world through our clients’ eyes and are in keeping with our regulatory obligations.”

Significant Risks to Class Members

The suit goes on to state that “due to Defendant’s negligence, cybercriminals obtained everything they need to commit identity theft and wreak havoc on the financial and personal lives of thousands of individuals.”

The class action “seeks to redress Defendant’s unlawful, willful and wanton failure to protect the personal identifiable information of approximately 61,160 individuals that was exposed in a major data breach of Defendant’s files saved on the MOVEit server in violation of its legal obligations.”

The suit maintains that “for the rest of their lives, Plaintiff and the Class Members will have to deal with the danger of identity thieves possessing and misusing their Personal Information.”

Jeanfort and the class members face the potential for their personal information “to be sold and distributed on the dark web; a lifetime risk of identity theft, sharing, and detrimental use of their sensitive information; out-of-pocket expenses associated with the prevention, detection, and recovery from identity theft, tax fraud, and/or unauthorized use of their PII; and lost opportunity costs associated with attempting to mitigate the actual consequences of the Data Breach,” the suit states.

“At this time, there exist many Class Members who are totally unaware their PII has been compromised, and that they are at significant risk of identity theft and various other forms of personal, social, and financial harm,” the suit maintains.

For a list of life insurance and retirement-related organizations affected by the MOVEit breach, as of Aug. 21, 2023, see MOVEit Hack Hit These Life, Annuity and Retirement Firms.

Image: Shutterstock