Prudential, Charles Schwab, TD Ameritrade Named in Latest MOVEit Suits

hackers

Image Credit: © Andrii Yalanskyi | Dreamstime.com


Several financial services corporations are the latest to be sued over the MOVEit file transfer data breach that has so far impacted 40 million victims.

A complaint was filed Wednesday against Charles Schwab and TD Ameritrade, accusing the institutions of failing to immediately notify 61,000 Schwab customers of the cyberattack, and instead waiting nine weeks to inform victims.

The other lawsuit accuses Prudential of providing inadequate credit monitoring services following the cyberattack, along with failing to take precautions to protect victims’ personally identifiable information (PII).

The breach involving Progress Software Corporation’s (PSC) MOVEit transfer file has up to now affected millions of financial customers including retirees, exposing sensitive information such as Social Security numbers, physical addresses, dates of birth, among other delicate material.

The attack originally occurred on May 29 and 30, when a ransomware cybergang called Cl0P accessed and exploited the software through a vulnerability in the system. The hackers then downloaded, exported, and stole victims’ PII. Financial institutions—like Prudential, Charles Schwab, and TD Ameritrade—had worked with vendors that utilized the MOVEit software to transfer clients’ personal and sensitive information.

Charles Schwab and TD Ameritrade face litigation

Filed by David Schultz in the U.S. District Court for the District of Nebraska, the complaint against Schwab and TD Ameritrade accuses the institutions of failing to notify victims in a timely manner, as well as failing to reveal findings of its internal investigation regarding the hack.

According to the suit, Schultz said he received a Notice of Data Breach letter on August 22—dated August 3—from TD Ameritrade Client Services, alerting him of the May cyberattack. The letter advised Schultz and victims of the hack to “spend time mitigating his losses by taking steps to help safeguard his information, including following recommendations by the Federal Trade Commission regarding identity theft protection and placing a fraud alert or security freeze on his credit file,” along with signing up for two years of credit and identity monitoring, cited the complaint.  

Because of the “Defendant’s data security failures and the Data Breach… Plaintiff and Class Members have suffered actual, present, concrete injuries,” said plaintiffs in the suit. According to the complaint, these injuries include “the current and imminent risk of fraud and identity theft; lost or diminished value of PII; out-of-pocket expenses associated with the prevention, detection, and recovery from identity theft, tax fraud, and/or unauthorized use of their PII.”

Plaintiffs are requesting the court oblige Schwab and TD Ameritrade to implement and maintain an Information Security Program, and engage in automated security monitoring, among other requirements. Plaintiffs are also seeking actual, statutory, nominal, and consequential damages, along with attorneys’ fees and costs.

Victims file complaint against Prudential

Bruce Parker, a California man who had given Prudential his personally identifiable information, is suing the company for failing to protect his and other victims’ information, as well as taking too long to alert clients of the breach.

In the suit, Parker also calls on Prudential to provide 10 years of free credit monitoring services, rather than the two years it is offering to over 320,000 impacted customers.

Plaintiffs are seeking restitution, an award of actual damages, compensatory damages, statutory damages, statutory penalties, and attorneys’ fees and costs. They are also requesting Prudential improve its data security practices.

SEE ALSO:

Exit mobile version