What to Do If Your Online Brokerage Account Is Hacked

by Admin Istrator | August 19, 2020 2:42 pm

What to Do If Your Online Brokerage Account Is Hacked

When you hold your money in a bank account or process transactions using a credit card, there are legal protections in place to offer zero-liability protection. This means that if you experience unauthorized transactions due to fraud, as the account owner, your money isn’t on the line. You’ll be reimbursed for the damages, and your account will be reinstated as if nothing happened.

Unfortunately, for investors, there is no such policy. The Securities Investor Protection Corp. is the closest equivalent to the FDIC, which insures U.S. bank accounts. However, the Securities Investor Protection Corp. doesn’t have any protections in place to cover money and securities lost due to hacking. 

Given that most brokerage accounts are protected by a simple username and password, hacking and cyber-attacks are on the rise. This leaves many investors wondering what would happen to their accounts if they got hacked—and what to do about it.

We’ll answer those questions below. Let’s dive in! 

Your first step if you suspect you’ve been hacked is to check your specific brokerage’s policy around fraudulent activity. Most of the common brokerages do cover 100% of losses that arise due to unauthorized activity, but they differ in what they consider to be “unauthorized activity.” Start by learning what your brokerage requires for the situation to be considered a true hack. 

Here are a few common policies:

Charles Schwab

The policy[1]: “Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity. To ensure your protection under this guarantee, it is your responsibility to safeguard your account information and report any unauthorized transactions to us as quickly as possible.”

What it means for you: Your losses will be reinstated provided that you report the unauthorized activity in a timely manner—although it’s unclear what Schwab considers to be “timely.” If you’ve granted access to your account, losses that occur will not be covered, which likely means that common phishing attempts that trick you into providing your credentials will not be reimbursed.


The policy[2]: “We’ll reimburse you the full amount that we determine was taken from your Vanguard account in an unauthorized online transaction on vanguard.com. If there’s evidence you neglected to reasonably safeguard your account, further investigation may be necessary to determine whether we can issue a reimbursement.”

What it means for you: Your losses will be reimbursed as long as you took reasonable action to safeguard your account. It’s unclear what Vanguard considers to be “reasonable action,” but this likely means that you’re not covered in situations where you grant access to your account through legitimate or illegitimate means (like phishing).


The policy[3]: “Fidelity will reimburse you for losses from unauthorized activity in covered accounts occurring through no fault of your own. You must frequently check your account information and promptly review correspondence, account statements, and confirmations as they are made available to you, but no later than 30 days after that information is posted to your account or delivered to you.”

What it means for you: Your losses will be reinstated provided that you report the unauthorized activity within 30 days of it posting to your account. Fidelity also doesn’t cover situations in which you have provided your account information to another person, which likely means that common phishing attempts that trick you into providing your credentials will not be reimbursed. 


The policy:[4] “We offer the E*TRADE Complete Protection Guarantee, which protects your privacy, your assets, and every transaction you make. Complete fraud protection: $0 liability for unauthorized use of your account.”

What it means for you: E*TRADE’s language is slightly vaguer but suggests a similar outcome as the other top brokerage firms. Again, it’s unclear exactly what the company considers to be unauthorized use, and it likely doesn’t cover scenarios in which you have provided your account information.

You’ll notice that there are clear themes throughout these policies. In order to protect your assets, you should take care to do three things diligently. 

Common sense should also apply to your response to email inquiries and phishing attempts. Don’t ever provide your account login information to someone else. Brokerage firms will not ask for this information as they have other methods to verify your identity. If you’re asked for other sensitive information, you can always contact your brokerage’s customer service department directly and ask them to verify the communication. If they can’t confirm that they’ve been trying to reach you, ignore the outreach entirely. 

By following these steps, you’ll be on the right track to recover any lost assets and protect yourself from future hacks. When in doubt, take any additional precaution you can—you won’t regret it. 

  1. The policy: https://www.schwab.com/schwabsafe/security-guarantee
  2. The policy: https://investor.vanguard.com/security-center#fraud
  3. The policy: https://www.fidelity.com/security/customer-protection-guarantee
  4. The policy:: https://us.etrade.com/frequently-asked-questions/account-info

Source URL: https://mdf-law.com/what-to-do-if-your-online-brokerage-account-is-hacked/