Brokerage hackable?

[dallas27]

I keep money at tdameritrade, and formerly fidelity. I figure eventually, one of these days, their will be a security breach. I've read the insurance print, but what do you guys think will happen if there is a major breach and loss of millions or billions? Even if my money is safe, being locked up in court for 5 years could be disastrous.


Sent from my iPhone using Early Retirement Forum

[MRG]

Don't worry be happy.

Nobody's going to allow that to happen. There's ways the funds have to protect the 0s and 1s that represent your assets. If your really afraid both Fidelity and Vanguard provide no loss gaurentee due to hackers. Sure you have resposibility to have virus protection etc. Just normal security.

The silly ways people hacked Anthem and Target et al. don't apply to apply to fund companies. They have real security. Did anyone steal money with the data that was lost to date, not directly, just the possibility of id theft. There's a big difference between getting a list of names and using that list to wire funds out.

Worry about asteroids much bigger danger.

[Fermion]

It is a very real threat. You can joke it aside but the systems are far more vulnerable than you think. Coming from a software engineer who has worked on said systems.

[target2019]

Quote:

Originally Posted by dallas27 I keep money at tdameritrade, and formerly fidelity. I figure eventually, one of these days, their will be a security breach. I've read the insurance print, but what do you guys think will happen if there is a major breach and loss of millions or billions? Even if my money is safe, being locked up in court for 5 years could be disastrous.

There are security breaches every day. It's a question of how you define security breach and how extensive the next one goes.

I think of the next breach like this. In 1993 the WTC was bombed. The effect was limited, but deadly. In 2001 the WTC was bombed. The effect was devastation on a scale not seen in the US. The effect was geo-centered, but involved many nearby buildings, and disrupted communications. It had lasting impact.

We have had security breaches continuously since forever. These inflict damage every time. Eventually we will have a breach of great magnitude, and the lasting effects will be on a scale not seen before.

But a meteor may get us first. For now life goes on as usual.

[brewer12345]

One point in favor of Schwab over Fidelity is that Schwab owns a thrift/S&L/bank and therefore is subject to federal reserve regulation from the very top of the company on down and a savings and loan holding company. That means that they are regularly bonked on the head by their very own federal regulators (who are not the politically conflicted SEC) to do things like spend money on security.

[dallas27]

Im talking about a breach that causes the company to fold, not just a few million here and there each month


Sent from my iPhone using Early Retirement Forum

[MRG]

How would that many transfers happen in short order without the brokerage being aware? They do monitor for unusual activity. If all their assets were stolen I'd guess that would seem unusual.

[Lakewood90712]

Quote:

Originally Posted by dallas27 Im talking about a breach that causes the company to fold, not just a few million here and there each month Sent from my iPhone using Early Retirement Forum

That type of hack could conceivably shut down operations for a day or two , but the money always has a trail , don't see large permanent loss.

I would be far more worried about someone hacking my own accounts and siphoning off money. If you don't catch it within a specified time period, you may be screwed.

[GrayHare]

Exactly what would be stolen? A bunch of digits? Can't the brokerage put the digits right back where they were?

[MRG]

Quote:

Originally Posted by GrayHare Exactly what would be stolen? A bunch of digits? Can't the brokerage put the digits right back where they were?

+ 1

It's been done many times.

[dallas27]

Wow, seems many of you guys believe theft is impossible. Scary.


Sent from my iPhone using Early Retirement Forum

[brewer12345]

Quote:

Originally Posted by dallas27 Wow, seems many of you guys believe theft is impossible. Scary. Sent from my iPhone using Early Retirement Forum

Whether we believe it is possible or not, what can we do about it?

[Fermion]

Quote:

Originally Posted by dallas27 Wow, seems many of you guys believe theft is impossible. Scary. Sent from my iPhone using Early Retirement Forum

Yeah, nobody thought a plane could take down a huge skyscraper either.

It may not be easy to reconstruct the accounts to pre-attack status and it may not matter if panic sets in and faith in the financial system is lost.

[dallas27]

I'm surprised considering we all know that banks were recently robbed for a billion dollars, and apparently it's unrecoverable.




Sent from my iPhone using Early Retirement Forum

[Lakewood90712]

Quote:

Originally Posted by dallas27 I'm surprised considering we all know that banks were recently robbed for a billion dollars, and apparently it's unrecoverable. Sent from my iPhone using Early Retirement Forum

Some examples ?

I would think such things could occur when banks are carelessly or illegally doing business with international criminal enterprises, which they should not be doing anyway.

[MRG]

Quote:

Originally Posted by Fermion ...snip.. It may not be easy to reconstruct the accounts to pre-attack status and it may not matter if panic sets in and faith in the financial system is lost.

Data recovery 101; have known check/restore points. Remember a 24x7x365 shop can piece together atomic transactions for months.

You avoid panick by fixing data before anyone knows. How normal are these type recoveries? They might occur more often than you think.

[M Paquette]

Know what's really scary? Reasoning by false analogy...

Be careful out there.

[ClockWatcher]

Quote:

Originally Posted by brewer12345 Whether we believe it is possible or not, what can we do about it?

Other than trying to choose a brokerage that you have cause to believe will have better security practices than a different one, I don’t think that there is much that we can do to limit the possibility that a company with which we do business will get hacked.

At the same time, I don’t like feeling helpless. There are steps we can take to improve the security of our own systems. While breaches/hacks to individuals don't make the news like company breaches do, they are often hacked as well. Individuals do have better legal protections than businesses when it comes to restoring illicitly transferred monies – think credit cards for instance. As long as improper transactions are reported soon after they occur, your liability is only $50. A big concern where individuals must take care is phishing. If the bank, brokerage, or credit card company decides that you improperly gave out your user ID and password, I have read that they may and sometimes do disclaim any obligation to restore your funds.

I have come across guides to improving the security of home systems. In my opinion, these are some of the better ones (in no particular order):

• https://www.bestvpn.com/the-ultimate-privacy-guide/
  
• https://secure.cryptohippie.com/pubs...ivacyGuide.pdf
  
• Jolly Roger's Security Guide for Beginners - Deep Dot Web
  
• https://epic.org/privacy/tools.html
  
• A Complete Guide To Privacy Online - GreyCoder
  
• https://prism-break.org/en/
  
• https://ssd.eff.org/en
  
• Home Computer / Network Security / Privacy

The steps that they recommend take time and effort to implement, but given a choice, I would rather put my time into preventing a loss, than recovering from it.

[gauss]

Quote:

Originally Posted by MRG + 1 It's been done many times.

They can only restore the 1's and 0's that represent the funds in your account back if they have the money to back it up. They can't create it out of thin air. Otherwise it would be illegal.

Only the Federal Reserve has the power to create money out of thin air and there actually is an accounting record of when it is done FWIW.

I share OP's concern that for anyone with significant assets (ie average retirement accounts of ER board members) that this should be a larger concern than the "Identity Theft" hype that we see in the media that is getting everyone all riled up.

I would like to have a better personal understanding of the law (if any, Fed or state) that protect the holders of these types of accounts due to theft (internal or external) and the conditions under which the holder is protected or not.
- basic mutual funds
- brokerage accounts
- IRA wrappers
- 401k wrappers

I would also be interested in knowing how this would apply to paper securities -- ie those not held in "street name".

-gauss

[MichaelB]

Generally speaking, the laws that protect us against theft from our brokerage accounts are the same laws that protect us from crimes in our homes or against our persons. The only regs that are specific to electronic theft of financial assets are part of the ETFA, which protect us from unauthorized transactions in personal accounts at banks.