Sage Advice

[Musica40]

I am seeking advice on how to handle my situation. TIA. Yesterday I had a situation where my high yield savings account was compromised. The short version of the story is I only use this account for savings purposes. Yesterday I had a balance of $18,000 and I transferred$4000 to my personal checking account. While looking at my emails, I started seeing unusual activity where trades were being made out of this account which were not authorized by me. Without mentioning the institution, I tried to reach out to them but they had no telephone number for customer service so it had to be done via messaging or email. By the time they came back to me there had been like 30 to 40 trade transactions which were not authorized by me. At the end of the day my entire account was liquidated. I have had no assistance from this company and I'm wondering what my options are or who should I contact or where to start. I have sent them numerous emails asking for an update and they tell me that there is no ETA and that's the best that they can offer me. I feel they should be doing more and I know that I should report them to someone like the SEC , CFPB or FINRA. THeir lack of response is deplorable. I have never traded on this platform. Based on trades, The company can easily see that I have never traded and only put my money in there for the high yield. Any suggestions? I am currently out $14,600. The name of the company is Public.com.


Update: They are attempting to say it wasn’t their fault and washing their hands.

Thank you for standing by and for your continued patience as we reviewed your account. We're writing to follow up on your recent report of unauthorized activity in your Public account. We take these matters very seriously and understand your concern. After you contacted us, we placed a full restriction on your account to prevent any further trades, deposits, or withdrawals. We also began a thorough internal review of your account's recent activity. Our investigation found that your account was accessed by an unauthorized third party using your login credentials. We want to assure you that this was not the result of any security issue with Public, and we have found no evidence of a data breach or a compromise of our systems. Because the unauthorized activity was the result of your personal account credentials being compromised, and not the result of a breach of Public’s systems, we will not be compensating for any market or trading loss incurred. We also will not be performing any corrections to remove or cancel trades that occurred during this period. Our review does, however, indicate that the activity in your account generated a negative cash balance. To cover this, Public’s Operations team will sell a sufficient amount from any of your existing investments to resolve this balance. If a negative balance remains after all investments in your portfolio have been sold, Public will, as a one-time courtesy, apply a credit to resolve the remaining deficit in your account. We have reported this incident to the Financial Industry Regulatory Authority (FINRA) and other applicable authorities. You may now restore access to your account. To do this, you will first need to reset your password. Please follow these steps carefully: To reset your password from the Public app: Select the Log in button Select Forgot Password? Enter your email address, then select Next * You'll receive an email from Public with a link to change your password To reset your password from the Public.com website: Select the Sign in button Select Forgot your password? Enter your email address, then select Next * You'll receive an email from Public with a link to change your password *When entering your email address, please ensure it's spelled correctly and there are no spaces before or after the email address Your security is our priority, and we are here to help you protect your account from future phishing attempts. We encourage you to always use strong, unique passwords and be cautious of any suspicious activity. If you used the same or similar passwords on other financial websites, you should change them immediately. Once you reset your account’s password and can log in to your account, we will also you need you to complete our identity verification process. If you have any questions about the password reset process or otherwise securing your account, please contact our support team by responding to this message. Thank you, Member Support Chris Customer Experience Manager Advanced Research Team Open to the Public Investing, Inc., Member FINRA/SIPC Public © 2026 Investors First Public.com Terms of Service Public.com Disclosure Library Public.com FAQs

Am I screwed? How do I proceed?

 

[jollystomper]

It is tough to provide advice without naming the institution. There might be others here who have had experience with said institution and can offer their experiences dealing with them. No phone number for customer service is a big red flag.

What government organization regulates them? Usually, when you open an account, and/or on their website, you are provided information about what regulatory agency or agencies they fall under, and can therefore be reported to.

 

[Gotadimple]

Start with your own state's Secretary of State. Most have a consumer affairs division. While they have no oversight, they can point you to the appropriate organization. If this bank is federally insured, you also want to notify either/both your congressional Representative or Senator.

 

[MarieIG]

IdentityTheft.gov

Report identity theft and get a recovery plan

www.identitytheft.gov

Home Page - Internet Crime Complaint Center (IC3)

www.ic3.gov

I found these ^ - government websites. I would start by report it to as many government entities as possible from local, to state, to federal. Collect reports, and then follow-up with e-mails and letters (regular & CMRRR) with copies of the reports and demands for reimbursement.

I would also do further research regarding your reporting requirements and rights so as to cover as many basis as possible.

 

[HarveyS]

Why don't you name the firm so others can avoid it?

 

[Musica40]

Why don't you name the firm so others can avoid it?

Public.com.

 

[jazz4cash]

That’s heartbreaking. I’m going through all my financial company sites to verify they have phone contact numbers listed.

I hope you will reconsider not identifying the institution. It might help the rest of us. I am curious if it is a fintech.

 

[Musica40]

Public.com

 

[jazz4cash]

That’s heartbreaking. I’m going through all my financial company sites to verify they have phone contact numbers listed.

I hope you will reconsider not identifying the institution. It might help the rest of us. I am curious if it is a fintech.

Ok, thanks. I posted this before you named them. I will continue to avoid. Could be a big mistake, but still. I hope you get some restitution.

 

[Sunset]

When you started getting emails, did you change the password immediately ?

Be sure to change your password on other accounts if you use the same password.

 

[Kings over Queens]

I just spent some time poking around the website and see they are very upfront about not having telephone support. You might try the press@public email to get some attention.

They are regulated by FINRA.

If it were me, I'd be researching to see who is on the corporate board, and reaching out those people. Nobody on boards likes to be contact about problems and in my experience, when you shake that tree, lots of responses fall.

 

[Sunset]

I looked them up as well, so the good news is they have been around for while and are legit.

One of the things we like about Public.com is the company’s commitment to transparency. Here are a few highlights.

• Public.com brokerage accounts are held with Open to the Public Investing, Inc, a registered broker-dealer with FINRA.
• Users’ shares are held in street name at Apex Clearing Corporation, Public Investing’s clearing and custody firm.
• Both Public Investing and Apex are members of SIPC and FINRA.
• SIPC insurance coverage protects user assets up to $500,000.

This transparent approach is something that should set investors’ minds at ease. If you use Public.com, you won’t need to worry about a company failure putting your assets or your high yield cash account at risk.

 

[Kings over Queens]

Perhaps you can find a phone number with their address?

 

[Kings over Queens]

 

[Kings over Queens]

Try this perhaps?

 

[sdawson]

Insurance coverage​

SIPC protects the cash and securities in your portfolio up to $500,000. FDIC provides up to $5 million in protection for your High-Yield Cash Account.


Wondering what that actually means. Does it cover fraudulent transactions.

If you have Identity theft insurance, they may be able to help you out I would think. Identify theft insurance will not make you whole, but can be used so their agents help you identify what to do and help with the proceess.

 

[Dash man]

Does your local news station have a consumer affairs reporter?

 

[Spock]

Insurance coverage​

SIPC protects the cash and securities in your portfolio up to $500,000. FDIC provides up to $5 million in protection for your High-Yield Cash Account.


Wondering what that actually means. Does it cover fraudulent transactions.

If you have Identity theft insurance, they may be able to help you out I would think. Identify theft insurance will not make you whole, but can be used so their agents help you identify what to do and help with the proceess.

SPIC only covers if the brokerage goes under.

 

[Koolau]

That’s heartbreaking. I’m going through all my financial company sites to verify they have phone contact numbers listed.

I hope you will reconsider not identifying the institution. It might help the rest of us. I am curious if it is a fintech.

Right. If they don't have a phone number I won't do business with them. Period.

 

[Aggie1999]

I like the final FU where they say they are liquidating your other accounts to cover the fraudulent negative balance.

 

[HarveyS]

Were you at home when you transferred the $4000? On wi-fi or cell data? Or, were you outside on public wi-fi? Could someone have looked over your shoulder and "lifted" your log-in info?

 

[Kings over Queens]

Am I screwed? How do I proceed?

They aren't wrong if the transactions were the result of your credentials being compromised due to something outside of their control. The problem I have with that response is the utter lack of customer service. They easily should and could be able to claw back the money from the accounts that received it. My view is that they should be doing something to help.

I'd probably start now with the police or FBI, given its technically a bank theft or theft from inside a bank, albeit electronic.

 

[Romer]

It looks from their response that that took your request and researched it

Since your credintials were compromised and not of their doing, this does not look like their issue.

It looks like you have been compromised and I would be concerned about any other accounts you have.

Did you have two factor authentication on this account? Do you use a password manager?

Do you use the same password elsewhere?

I understand you feel they should be doing more and I understand your perspective. Once the attributed the issue to your being compromised they don't have any further responsibility as cold as that may seem.

I would take the opportunity to improve your personal security for all the sites you use, eespecially those that are financial.

 

[Jerry1]

OP, I'm sorry this happened to you. It's clearly one of those nightmare scenarios that no one wants. It's hard to believe that there is a financial services company today that does not have immediate access to a customer service person that would have allowed you to lock your account before it went to zero and maybe even stop some of the transactions in process. Typical in all these cases is that we learn from what others have had happen. I will make sure never to do business with a company that doesn't have immediate access to a customer service representative like you find on the back of a credit card.

 

[jazz4cash]

Just realized OP gave a grim iodate in post#1. If it was me I would cut and paste their response into a post on their official reddit subforum as a PSA.
How do they know if access is unauthorized if the hacker has your login credentials? Does a simple 2FA text prevent this? What other steps can we take? Sorry you got hacked OP but I appreciate hearing your story to help us be more diligent.