Charles Schwab informed some of its customers on May 4 that the company had noticed unusual login activity on their account, possibly due to an unauthorized person having obtained their account username and password.
In a letter posted on the California Attorney General Office website, the company said the unusual activity began on or after March 25 and that the account sign-on credentials were likely taken from a non-Schwab source and then successfully used to access the customer’s account, possibly exposing the client’s names, account numbers, stock positions and transaction history.
Schwab Director of Public Relations Sarah Bulgatz told SCMagazine in an email would not say exactly how many people were affected, just saying the number is small and that the company reacted quickly to the problem.
“We proactively detected the incident and quickly blocked access to the relatively small number of affected clients’ accounts to protect them,” Bulgatz said. “Bottom line, the attack doesn’t represent any vulnerability in Schwab’s systems or technologies, and appears to be something experienced by other financial services firms as well.”
Not details regarding the site used to obtain the client credentials is available, Bulgatz said.
The also company downplayed the possibility that any client information was viewed by another person.
“This is because the person(s) involved likely used an automated program to test large numbers of login credentials against many different accounts, both at Schwab and likely at other financial institutions,” the Schwab letter stated.