Articles Tagged with hacking

Stoltmann Law Offices, P.C. is evaluating cases for Robinhood clients whose personal identifying information or other confidential information that was exposed to a hacker according to a November 8 notice sent out by the company. The notice sent to clients stated that, on November 3, 2021:

“The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems. At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. We also believe that for a more limited number of people – approximately 310 in total – additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people.”

Robinhood clients impacted by this data breach could have viable claims for recovery if the victim can establish actual damages. If your credit has been compromised, if you have paid for credit monitoring, if you are the victim of a subsequent data breach that cost you money, you could have a viable claim for recovery. Stoltmann Law Offices is exploring all options to help victims of this data breach.

Chicago-based Stoltmann Law Offices has represented investors who have suffered losses as a result of their brokerage or investment accounts being infiltrated by hackers.  How safe are your retirement funds from hackers? With massive hacking activity and cybersecurity in the news every day, that’s an essential question to ask your financial advisor. Cybercriminals are trying to steal money and personal financial information 24-7.

Here’s a series of questions to ask: When financial advisors suspect that your retirement accounts are being hacked, have they reported this information to you? Even more importantly, have they reported it to federal authorities such as the FBI or Treasury Department? That’s not only the right thing to do, they are legally obligated to do so.

Of course, if an advisor or third party fails to report suspicious online activity to regulators, they may be breaking the law. The U.S. Securities and Exchange Commission (SEC), for example, recently imposed a $1.5 million fine and settled charges against GWFS Equities, an affiliate of Great West Life and Annuity Insurance Company, “for violating the federal securities laws governing the filing of Suspicious Activity Reports (SARs).”

Chicago-based Stoltmann Law Offices has represented investors who’ve suffered losses from dealing with broker-advisors who lost money in retirement plan investments. Hands down, one of the most secure things you own should be your retirement assets. Nobody should be able to pilfer them. But in the internet age, criminals are finding ways into company-sponsored plans.

The Government Accountability Office (GAO), the congressional watchdog agency, recently warned that retirement plans may be compromised by cybercrooks who break into programs like 401(k)s through the Internet. Why are cybercriminals going after these supposedly secure entities? Because that’s where the money is: As of 2018, there were 106 million people in private retirement plans that had more than $6.3 trillion in assets. The main issue with retirement plan security is that plan providers may share data with third parties. That may expose the plan to breaches. Since there’s little to no modern federal guidance how to protect this valuable information, that’s a huge threat.

Why is this information at risk? There are any number of ways that thieves can break in and steal valuable personal data. The GAO found that “personally identifiable information is shared throughout the chain of providers, starting at the plan sponsor and moving back and forth through third-party administrators, recordkeepers, custodians and payroll providers.” That means crooks may be able to take Social Security and bank account numbers.

Chicago-based Stoltmann Law Offices is investigating incidences of investors whose brokerage accounts have been hacked. Market regulators are investigating reports that customers of the popular online trading app Robinhood were ripped off. Hackers reportedly obtained account information of Robinhood customers, then transferred funds out of their accounts. The customers have contacted the U.S. Securities and Exchange Commission and FINRA, the securities industry regulator, to probe the thefts.

How safe is your money in an online brokerage account? It should be protected by numerous safeguards, although lately cyberthieves have found a way to steal money directly from investors. During the COVID pandemic, online trading soared, with millions of day traders using their phones and other devices to trade stocks and other securities. But as a recent wave of customer complaints suggest, their accounts have been hacked and money taken from their accounts, according to Bloomberg News.

In a statement to Bloomberg, Robinhood did not take responsibility for the thefts:

Stoltmann Law Offices has previously alerted consumers that their brokerage firms can be held responsible for theft in their brokerage, bank, or cryptocurrency accounts as a result of hacking. We have been successful in recovering these losses from brokerage firms for our clients. That is because the regulations are very clear on the supervision and compliance procedures that these firms must execute to protect their clients and their hard-earned savings.

FINRA Rule 3110 requires brokerage firms to establish and maintain a supervisory system to achieve compliance with applicable securities laws and regulations. Included in this supervisory system is the requirement to safeguard customer funds and securities and to inspect the “transmittals of funds (e.g., wires or checks, etc.) or securities from customers to third party accounts; from customer accounts to outside entities (e.g. banks, investment companies, etc.)…” (FINRA Rule 3110(c)(2)(A)).

Firms are further required to comply with the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID). Pursuant to Regulation S-ID, this includes having an Identity Theft Prevention Program with procedures to identify, detect, and respond to red flags of identity theft. 17 CFR §248.201(d).

The Financial Industry Regulatory Authority (FINRA) recently fined Lincoln Financial Securities Corp (LFS) $650,000 for its failure to adequately supervise third-party vendors tasked with electronic storage of customer records and electronic preservation and retention of customer consolidated reports, and other cyber risk compliance lapses. This comes after 2012, when foreign hackers accessed 5,400 customer confidential records and information. Allegedly, LFS had certain procedural, administrative and information technology data security deficiencies that occurred before and after the attack. In addition, LFS was the subject of a 2011 Letter of Acceptance, Waiver and Consent (AWC) with FINRA, because of cybersecurity failures related to the safeguarding of customer records and information under the Securities Exchange Act of 1934. Specifically, LFS allegedly failed to adopt WSPs regarding the storage of customer data on cloud-based systems. Additionally, FINRA found that LFS did not adequately test and verify the security of information that could be stored on cloud-based servers, and therefore would not be able to tell if a computer server was breached. Please call our securities law offices today if you invested money with Lincoln Financial Securities Corp and would like a free consultation with one of our attorneys about your options. Please call today.

CNBC
FOX Business
The Wall Street Journal
Bloomberg
CBS
FOX News Channel
USA Today
abc NEWS
DATELINE
npr
Contact Information