401k account raided

[REWahoo]

Think your 401k funds are safe and secure? Think it is anal to check your balance daily?

"One moment Dave DeSmidt had $179,000 in his 401(k) retirement account, the next he had nothing. In an instant, 25 years of savings had disappeared.

With a few clicks, someone raided DeSmidt’s retirement account with J.P. Morgan & Co and ordered a full disbursement to a private checking account."

 

[camberiu]

It took this bloke 25 years to save 179K??

 

[Donzo]

An article like this could lead to mattress stuffing.....

 

[Nords]

My first thought on reading the article was "Woops, JG left himself logged in again"...

It took this bloke 25 years to save 179K??

If you had to pay JP Morgan's fees & expense ratios it might take you a few decades, too...

At least there's a happier ending: "Spokeswoman Mary Sedara said the stolen funds had been recovered and would be refunded in time for Christmas. The firm would even make good on any market gains DeSmidt missed out on while the money was missing, she said."

I wonder if anyone's followed up on JPM's promise. It's absolutely ludicrous that a brokerage would allow a six-figure EFT to a bank account that hadn't been previously set up, confirmed, or otherwise checked. Linking a new bank account to Fidelity takes a couple weeks and sends a slew of confirmation letters. Heck, NFCU puts a hold on any deposit over $2500. I bet JPM's litigation lawyers were ready to quit over the brokerage's statement about "no breach of controls".

DeSmidt was "luckier" than others-- at least he's getting his money back. The hacker could've made a lot more money by using DeSmidt's account to pump & dump penny stocks while the hacker was front-running from another account.

 

[dm]

This actually happened to me once. I had a 401k account and an after tax account that had some American Funds in it. I checked my account one day and they were both at zero. Now these were seperate accounts. I called my broker and he said he saw that I had moved to Kansas City, well I hadn't. He took care of it and the strange part was he also straightened out the retirement fund that he was not a part of.

I check all my accounts often.

I don't see how the individual would be at a loss if he didn't authorize the disbursement. It was the broker or bank that at fault.

 

[FinanceDude]

My first thought on reading the article was "Woops, JG left himself logged in again"...
If you had to pay JP Morgan's fees & expense ratios it might take you a few decades, too...

At least there's a happier ending: "Spokeswoman Mary Sedara said the stolen funds had been recovered and would be refunded in time for Christmas. The firm would even make good on any market gains DeSmidt missed out on while the money was missing, she said."

I wonder if anyone's followed up on JPM's promise. It's absolutely ludicrous that a brokerage would allow a six-figure EFT to a bank account that hadn't been previously set up, confirmed, or otherwise checked. Linking a new bank account to Fidelity takes a couple weeks and sends a slew of confirmation letters. Heck, NFCU puts a hold on any deposit over $2500. I bet JPM's litigation lawyers were ready to quit over the brokerage's statement about "no breach of controls".

DeSmidt was "luckier" than others-- at least he's getting his money back. The hacker could've made a lot more money by using DeSmidt's account to pump & dump penny stocks while the hacker was front-running from another account.

Chase isn't the only big bank with those kind of problems...........

 

[Nords]

Chase isn't the only big bank with those kind of problems...........

I'm surprised that Chase/JPMorgan even let this get into the media. They should've immediately refunded his money and executed a non-disclosure/confidentiality agreement. Instead they've damaged their image far beyond the value of the guy's account.

I'm sure that banks are hacked for billions per year... and just writing it off against the IT or marketing budgets.

 

[modlair]

DeSmidt was "luckier" than others-- at least he's getting his money back. The hacker could've made a lot more money by using DeSmidt's account to pump & dump penny stocks while the hacker was front-running from another account.

This is a really big deal. If hacking accounts had arrived 8 years sooner when daytrading was at its peak, there would have been no undoing it.

Now, because the penny stock has to be thin, the guy front running will be clear in his trading. But that only suffices to start the investigation into him to determine if he is the hacker. Also, and this is the real ugly part, daytrading rooms overseas with offshore accounts won't be traceable. Last time I was in Athens, Greece, just two years ago, I happened past a row of these places just off Syntagma Square with lights on through the night while the US markets were open. No question those people could front run a hacked account and walk away scot free.

 

[bbuzzard]

Vanguard's Solution (seems obvious):

Extra protection when adding or changing your bank online

The privacy and security of your account information are very important to us. That's why we're introducing enhanced online security for adding to or changing your banking instructions on our website.

If you log on to Vanguard.com® and change your bank information or add a new bank, Vanguard will send a bank activation PIN to your mailing address of record.

You must enter this PIN to verify the bank information before you can process online redemptions to that bank.

 

[bbuzzard]

Treasury Direct's Solution (Defeats Keyloggers)

Virtual Keyboard: The virtual keyboard is one of many new security features introduced in TreasuryDirect as part of our on-going commitment to heightened password and account security to protect our customers' investments. The advantage of using the virtual keyboard, with keys that display in random order each time you log on, is that others are deterred from learning your password.

When Java-Script is enabled, each time you arrive at the "Access your TreasuryDirect Account" page to log on, you will be presented with this virtual keyboard to enter your password. You'll use your mouse with the virtual keyboard to enter the letters, numbers, and special characters that are contained in your password.

 

[Anansi]

If hacking accounts had arrived 8 years sooner when daytrading was at its peak, there would have been no undoing it.

Hacking is a well established activity that has been around for about as long as computers have. It has simply increased - and become more criminal - with the expansion of on-line business.

And it is still much more likely that someone got access to his accont because of his carelessness with his access information than because someone cracked JPM's security, although their verification process does seem woefully inadequate.

 

[Dawg52]

I've noticed most banks are adding additional security features to their websites which can be a hassel. I was trying to log on to our company account today and had to jump through several new hoops to get to it but this kind of article drives home the point why financial institutions must upgrade their security.

I check my account daily.