
What Happens If Your Investment Account Gets Hacked


You spend most of your adult life saving for retirement, assuming that the money you put away in an investment account or a 401(k) will be safe. But your investment account is like your bank account or any other online account you have. It can be hacked. If someone gains access to it, they can drain your savings or worse — start trading in your name.

You should be on the lookout for potential hacks and security breaches with your investment brokerage accounts, and you should know what to do if you do get hacked.

How brokerage account hacks happen

Let’s make one thing clear upfront: hackers can get into your brokerage account. Banks and investment firms have strong cybersecurity measures in place, but if you do not take precautions to keep your own account safe, then you risk being hacked.

One of the most common ways hackers take control of brokerage accounts is by sending fraudulent emails with malicious links. They create an email that looks almost exactly like it came from your investment firm and it includes a link to a fake or malicious website. On this illegitimate website, you might be asked to enter your account credentials, which the hacker then steals. They now have access to your account and can transfer all your stocks out or sell them all.

Another way hacks happen with brokerage accounts is with large-scale data breaches. The financial services industry is an obvious target for cybercriminals because these companies handle large amounts of customers’ money. They also gather a great deal of personal information on their customers, such as dates of birth, Social Security numbers, residential addresses, driver’s license numbers, and other sensitive pieces of identifying information.

Here are some of the biggest data breaches in financial services that happened within the last 20 years:

  • In 2020, Experian experienced a data breach that impacted 24 million customers, releasing information such as mobile phone numbers, email addresses, residential addresses, and places of work.
  • The Equifax data breach in 2017 exposed the information of 147 million customers. Names, dates of birth, Social Security numbers, driver’s license numbers, and credit card numbers were compromised.
  • In 2008, Heartland Payment Systems was hacked and 100 million debit and credit card numbers were released.
  • Capital One suffered a stolen data dump in 2019, with 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, and 80,000 bank account numbers being released.

If you hold a brokerage account with an investment firm, you should know that both you, individually, and your firm could be targeted by hackers.

The signs your investment account has been hacked

Hackers are sneaky. Their goal is usually to sneak into your account so they can steal your information and do as much damage as possible. That’s why it pays to be vigilant and keep an eye out for the following signs that your investment account has been hacked:

  • Unfamiliar trades: Make sure you confirm each trade listed in your account history. If you see any you don’t recognize, or you receive an email confirmation for a trade you did not execute, it’s possible your account has been hacked.
  • The website is “down for maintenance”: If you are in the process of logging into your account on your investment firm’s website and you see a message saying the website is down for maintenance, it could be a man-in-the-middle attack. This type of attack lets a hacker steal your credentials as they’re being transmitted to the firm’s website. If you notice something like this, alert your investment firm immediately.
  • You’ve been hacked once before: If your personal information has been compromised once before, whether with your investment account or another online account, you’re at risk of being hacked again. If you have had your info exposed in a data breach with another company or service you use, you need to be extra cautious with your brokerage account.
  • Junk mail related to investments: Are you receiving a bunch of offers for opening a new investment account? It’s likely a sign that someone opened a new account using your information.

What happens if your investments get hacked

If your credit or debit card gets compromised, there are laws in place to protect you and limit your losses. However, those same laws generally do not extend to brokerage accounts.

It’s highly possible that if someone fraudulently withdraws money from your investment account, you will not be reimbursed.

In fact, most brokerage firms don’t address responsibility for client losses due to a cyber-related incident. Those that do put most of the responsibility on the client. The firms that have brokerage guarantees, like Vanguard with its online fraud policy or Charles Schwab with its Security Guarantee, say they will cover your losses. But only if you undertake your “responsibilities.” You are supposed to keep your account safe by reviewing your accounts on a regular basis, protecting your password and computer, and not replying to email requests for personal information.

So if you click on a malicious link in an email that looks like it’s from your investment firm but really isn’t, and your account gets drained, it’s your fault for not being more cautious. And you don’t get reimbursed.

For this reason, it’s extremely important to protect your investment accounts and follow some of the below tips on preventing hacks.

How to prevent a brokerage account hack

The guidelines for keeping your investment account safe are the same as for any other online account. If you already practice good personal cybersecurity in general, then these tips probably aren’t news to you. If not, you’ll definitely want to read and implement the following tips from the US Securities and Exchange Commission (SEC) concerning your brokerage account:

  • Use a strong password: The password for your brokerage account should be a random series of at least 16 letters, numbers, and punctuation marks. You can use a password manager such as BitWarden to both generate a strong password for you and store it so you don’t have to try to remember it.
  • Change your password often: Update your brokerage account password every 2-3 months. If the service you use has a data breach and your credentials end up in a hacker database somewhere, you will want to have changed your password before someone can use it to hack your account.
  • Enable two-factor authentication (2FA) or multi-factor authentication (MFA): Your investment firm should have 2FA or MFA available as a secure login option. It works by requiring a second form of identification from you in addition to your password. Usually, you can set up 2FA to send a code to your cell phone that you must enter after inputting your password.
  • Activate alerts: Turn on or opt into account alerts so you receive notifications of account logins, failed login attempts, password changes, updates to personal information, securities transactions, money transfers, or linking an external financial account. If something suspicious is happening with your brokerage account, you’ll know about it right away.
  • Avoid public Wi-Fi and computers: Try not to access your investment accounts using a public computer or when connected to a public Wi-Fi network with your device. If you do need to use a public computer, never walk away from it while you’re logged in, disable password saving, and delete the web browser’s history, caches, cookies, and the computer’s temporary Internet files. Change your password too. If you must use a public Wi-Fi network to check your accounts, make sure your device is updated, has anti-virus software, and has a firewall enabled. Turn off file sharing on your device as well. To avoid connecting to public Wi-Fi by accident, make sure your device is not set to automatically connect to any available Wi-Fi.
  • Don’t click on links sent to you: If you receive an email, text message, or another form of communication about your investment account containing a link, do not click on that link. It could lead to a bogus website that asks you to input your credentials only to steal them from you. It could also lead to a site that downloads malware onto your device. If the message looks like it’s from your investment firm or broker, contact them yourself to ask about the link first. If it’s legitimate, they will tell you.
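
Why a link's visible text can't be trusted, shown as an added Python example (not part of the original article): it reads an email's HTML and reports every link whose real destination is not the firm's domain, noting when the visible text names the firm anyway. The domain `examplebroker.com`, the sample email, and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domain your firm really uses (hypothetical value here).
TRUSTED_DOMAINS = {"examplebroker.com"}
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Constructed sample email body, not a real message.
SAMPLE_EMAIL = """
<p>Account locked: <a href="https://examplebroker.com.account-verify.example/login">https://www.examplebroker.com/login</a></p>
<p><a href="https://secure-login.example/reset">Reset your password</a></p>
<p><a href="https://www.examplebroker.com/help">Help center</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # links: (href, text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    # Exact match or a true subdomain; "examplebroker.com.other.example" fails.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def review_links(html):
    """Return (real destination host, disguised?) for each link to distrust."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""  # real destination, not the text
        if not is_trusted(host):
            shown = DOMAIN_IN_TEXT.search(text)
            # True when the visible text names the firm but the link does not.
            disguised = bool(shown and is_trusted(shown.group(1).lower()))
            findings.append((host, disguised))
    return findings

if __name__ == "__main__":
    print(review_links(SAMPLE_EMAIL))
```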

Keep your investments safe

Losing your life’s savings or having someone buy stocks you can’t afford is scary. The fact that protection for investment account fraud is so limited is even scarier. By staying vigilant, however, and signing up with a firm that takes security seriously, you can increase your chances of avoiding an investment account hack.
