E-Trade and TD-Ameritrade Users Hacked!

Computer hackers based in East-Europe, Asia, and Thailand have successfully hacked into thousands of TD-Ameritrade, E-Trade, Fidelity, and Charles Schwab user accounts in what is being called the biggest single identity theft crime in history.

The heist is currently being investigated by the FBI, the SEC, and the National Association of Securities Dealers, and with good reason. New York-based E-Trade spent over $18 Million to compensate its users for losses and Nebraska-based TD-Ameritrade (formerly run by Pete Rickets) also lost an undisclosed amount of money as a result of the intrusion.

It appears that the hackers bought little-traded penny stocks before the attack at very inexpensive prices. Once they had infiltrated the online brokerages, they leveraged the money in customer accounts to buy large quantities of the same penny stocks under multiple names. The sudden increase in demand caused the penny stocks to surge in value and the perpetrators were then able to sell their original shares at a huge profit. This kind of scheme is called a “pump and dump” tactic.

In the past, the pump-and-dump was relegated to those junk email messages you receive telling you about a hot stock set to explode on Monday. The hope is that the emails will encourage online investors to buy the stock so the email sender can sell his shares at a profit.

There are safeguards in place to warn security personnel at online brokerages if some one’s account is displaying unusual activity, such as a mass withdrawal of funds or sudden wire transfers to non U.S. accounts. This attack was successful in large part because no money as actually withdrawn form the user’s accounts. The attackers simply sold the user’s holdings and used the money to inflate the value of the targeted stocks.

The Federal Deposit and Insurance Corporation protects bank deposits at FDIC insured institutions for up to $100,000 in deposits. Online brokerage accounts are not covered by the FDIC, so there is no Federal safety net for this type of situation. All of the effected brokerages, however, have promised to reimburse their clients in full for any losses from the security breech.