So true. The plaintiffs' attorneys will split millions, while the victims will each get cents.

You won't even get that you're just going to get a temporary identity protection

The only class action lawsuit I want from Fidelity is that they have to improve security. A monetary award is most likely going to hurt the customers more than any other group. I don't want a check for $50 (or whatever) only to have them raise commissions and fees to make it up.

try a few years.

😂

What kind of protections do you recommend?

@@jlog7395 My first idea: Design a National ID (or system) to use in place of social security numbers, for use as a unique identifier in cases like financial companies, employment, and background checks (for things like renting). One of the reasons the tech companies want to use passkeys is because if a passkey is stolen in a hack, it's useless to the hacker as a password. Now, we probably can't use public key cryptography directly for a national ID, but I'm reasonably certain a consulting company can design something better than SSNs as a National ID.

Like what? Every institution I have contact with has been hacked so far. It's endless. It's also frustrating, tiresome, and scary.

Only protection available is monetary or encryption. Sadly quite a few companies do not use safe encryption methods and some don't use any whatsoever...

Totally agree! SMS nor emails are secure at all!

Agree! Authenticator and Passkey are minimum required. SMS should be completely phased out, even if it's used as a backup alternative -- it's still considered a weak link. At the best, it should allow using Yubikeys / WebAuthN.

They don’t care, they don’t want to spend money on countless customer service tickets from people locked out.

Schwab and Fidelity do offer symantec VIP. if folks start to move funds away from less secure providers that would go a long way to get better protection for all

Some are starting to. One issue is that many of these are regulated, and changes have to be vetted, and approved by regulators. If we could get to MFA via apps, it would reduce SMS dependency

I'm surprised that you just mentioned and recommended Brooke Miller, I met her at a conference in 2018 and we have been working together ever since.

The very first time we tried, we invested $1000 and after a week, we received $5500. That really helped us a lot to pay up our bills.

She is my family's personal broker and also a personal broker in many families I'm United States, she's a licensed broker and a FINRA AGENT in United states

I'm new at this, please how can I reach her?

+138

That's exactly the correct action. Regards.

@@thaddeus46 You should always keep it frozen unless you're entering a transaction or opening an account. And then, you should refreeze it after it's completed.

You should freeze your credit regardless of this. 77K out of the many customers they have is very small. THose other huge data hacks were much larger with hundreds of millions of data breaches.

ah, our friends the credit reporting agencies. The Great Equifax Hack of 2017, where they lost the data of 147 M Americans. Nowadays they have the nerve to try and SELL you Credit Monitoring!!

I tried by the credit reporting agency couldn't verify me when I tried to freeze my credit.

I completely understand. Ensuring financial security in retirement is crucial. Have you considered consulting a financial advisor?

Yes I have. But I don’t know who exactly yo trust to provide the right advices and guidance for me.

True. I have been in contact with a CFA that specializes in retirement planning. Her expertise can help optimize your savings and investments.

Who’s this CFA? And how can I reach out to her?

She’s a CFA with strong track record and you can research more about her online and also get to leave her a mail to reach out to her.

Best comment! Might as well you get paid for it if someone is going to pay for it. Some years ago, my brother had some hacker try like 16 times to take out credit and loans in his name by stealing his identity. The bad guy finally gave up because my brother's credit rating was so bad at the time, none of the attempts succeeded. Only time I ever heard of where it paid off to have bad credit.

I feel the same way. It seems futile, no matter what I do. I've had hack letters from every organization I deal with almost monthly. 🥺🥺

Sadly identities aren't actually worth much without yourself. You can however look for job postings for interview sitting. They have it people that use you as the face and they hack the companies you get hired for and send you the money

Correct. You have to assume you are compromised and go from there. With everything. Everywhere. 2FA on ALL accounts. Credit freezes should be the default posture, for everyone, no exceptions.

Seems like a get notified about my data being leaked about once a month

Exactly....100% its all already out there. Just freeze your credit...

Yup. Due to a ton of company breaches.

this is strictly prohibited by most brokers. both Fidelity and Vanguard have procedures to set up financial power of attorney (while you are living), and beneficiaries.

Thanks, good to know.

Correct- in Texas- I know from first hand experience, ensure you have access to their email and phone. My 50 yr old, tech naive sister passed and while not good, she fortunately never used a lock screen code on her phone. It took weeks to get her simple will approved by the probate court and formally appoint me her executor. During that time, there were all sorts of admin things that could not wait, especially since I had to travel and overnight in her city. There are funeral arrangements, had to access her facebook and iphone contacts to share the news of her passing, login to turn off cable service, gym membership etc. This stuff cannot wait for probate or charges continue to post. Needed the phone to go in and freeze her big three credit accounts/reports, etc. All this and she was a simple estate, single, no children, with no assets. It was emotionally and administratively exhausting and I’m a business professional. long story short- encourage all loved ones, if not you, to at least ID sowmeone or store somewhere the code to your smart phone. And having a pre-setup financial power or attorney is often not enough, in some jurisdictions, it has to still be endorsed bu the probate court. So your cell service provider is not going to help you (and they don’t store iphone lock screen codes- you’ll need the NSA for that!!) so if your family has 2FA using SMS, you’ll be in for a long, long, long, complex process to try and get access to accounts and email. Me having my sisters phone saved me literally three months and mountains of paperwork. It’s scary but put somewhere somehow safely yours or loved ones phone lock screen code for emergencies. It’s a new age people and the security steps are great but there’s a massive payback in other areas.

You are absolutely correct

We will never know. Just guessing, one of three of the most common security holes were exploited: inside job, unpatched or new VTM/CVE (NIST) in open source code / API, and weak security breach / intrusion monitoring & detection. They obviously had security monitoring, as they detected breach in two days. Should have happened in minutes, not hours, or days. Also, they should have all PI data encrypted, both in flight & at rest, so what ever data the bad actors stole would be useless.

I use Fidelity for most of my investing. I do keep a tranche of I-bonds for emergency/bond allocation and pay all my bills from a separate bank account. Also, like Rob I set up a separate email account for all financial accounts. This ensures I always have access to several years worth expenses if there is an issue.

You’re only 55. I would get money management just in case... truth is, many people live well into their 80s without such amount

@arlenehill4ril bravo! I've worked in real estate for over 25 years and have neglected a major stock portfolio, but I need a different plan now... mind if I look up the professional guiding you please?

To be honest, one million to retire is not enough. I have that and still like to work continuously, I am 56 years old and paid off my house. One million nothing in these days

Can't answer question unless you know your annual spending budget.

Yes I like everyone advertising they have a million bucks. That way the hackers of KZbin accounts can go in and trace you down.

It will help some lawyers.

It just means Fidelity will raise their fees, and we'll all be worse off.

Class action isn't doing it. But government fines will force companies to spend money on actual IT people (not outsourced idiots) to build systems much harder to breach than their competitors so hackers will move to the competitors. Then the govt gives the competitors and that's how we can mitigate it to the point of not seeing so much of this.

Any chance that a hacker got it before you froze your ss number?

I am in Minnesota and am part of the 77,000 victims. I suspect each state has it's reporting requirements

@@cello5-q2j Ah, Minnesota! One of the better places to be regarding climate resiliency! Although I think the winters would be brutal. I don't handle the heat and humidity well in the summers here in Delaware, but I also don't think I'd handle the brutal winters either. I'm kind of surprised I haven't seen any mention of the breach on the Fidelity site. I'm on it quite often, I will have to go searching...

How do you freeze your SS number? And what, exactly, does that mean?

it would be nice for brokerages to allow alias accounts with strictly read-only access for syncing and view aggregation.

Fidelity has the same feature which I have done as well. It at least protects your assets from being moved out of the account.

Yeah, sometimes these hacks end up sitting for while before that data is acted on, depending on who it is sold to and what they can actually leverage with that data.

@@BrewReview Yup. They wait. Then strike when the dust settles. Ask me how I know! Now I'm locked and frozen, and not sure that's enough.

Not true my friend did lose money during a Fidelity hack about a month ago.

The small company responsible for the largest breach of social security numbers this year just went bankrupt

One of my favorite features of Interactive Brokers. It was annoying they required it at first, but since it's through their app it works very well. And now the logic for it is clear.

But they can also hack your phone sim card and if they do that then their phone will ring and receive texts as yours. Getting out there I agree but possible.

The app can be set to open with biometrics.

@@thud9797a pin added to your carriers account will make that much harder to do. I added a pin this week.

2FA is a completely different thing. It's like trying to make the lock to your vault harder to pick, while a data breach is like thieves taking all the data out from a massive hole in the back of your vault. Only the institution can prevent that...

Oh wow. I wonder if I was hacked and got a call but didn’t ever answer 🤔😩😳

​@@leesh2684the only calls i get from fidelity are from their wealth management team trying to peddle their services😂

In that case inflation steals your money without ever having to touch it.

Get a federal pin

Just an FYI that Yubikey has been hacked recently! It may not get to an individual level but chance is there!

That's my question; seems like it's just another email account just like all the rest.

As I understand it, if the email is only used with financial institutions it should not be shared unless some sort of hack/data breach occurs. So if you start getting spam or suspect emails to that email account that would alert you to a problem. My only concern is whether these financial institutions would share your contact info with their affiliated companies and from there who knows…

I believe it was around August 2024, I found just a few days ago on Reddit

How do you know the password manager is legitimate?

@@ricomajestic There are several well known legit password managers. Research on CNET, Wirecutter, Consumer Reports, PCMag. Same “Top 10” come up. I have been using a password manager for over 10 years. Started with free version and upgraded to paid version, as more robust security enhancements were made only to paid version. Money well spent.

yes

I second the motion.

And use unique passwords for every site that are randomly generated by the password manager. Make them long and complex. Secure your password manager using MFA with a long pass phrase.

Even a weak password as long as it's not qwerty123 is good enough. All the broker has to do is prevent multiple tries and no one can hack it .

What happens when that gets hacked?

@@MOstix13 Very unlikely a good pw manager gets hacked . If they take control of your computer, then all bets are off.

@@loupasternak LastPass had a security breach in 2022. Details are easily found online. You are correct, if you grant a bad actor access to your computer, it’s game over - watch the movie “The Beekeeper” with Jason Statham.

Why not?

@@grwbt8703 I don't know. And, most that do support the key, allow you to log in without using the key, so why have it in the first place if it can be by passed by choice? I never get a good answer but I found out then don't want the expense of product support as they think many will call in complaining they are locked out because they lost their key or whatever. I did find one place that you absolutely must use the key to get in , not way around it, and that place is PayPal.

It isn't your passwords that are the problem. No one is trying to hack you individually. Today, they go after companies, and they steal millions of account data at one time. It's likely that there are insiders at the hacked companies that work with these data thieves.

How is your VPN protecting you?

I’d be wary of using VPNs. TLS offers you decent protection as long as your local machine isn’t compromised. VPNs allow man in the middle to snoop on your information and effectively can break TLS. I’m not a fan of all these random companies and KZbin influencers pushing VPNs as a security thing.

Changing your passwords, unique passwords etc, none of that works. I've seen enough of those cases to know. Because a hacker don't care about your password they hack the authentication system to spoof their way in. How your transaction behaves is what companies need to focus on. And all these people commenting on freezing your credit report that will do nothing to prevent a hacker from transferring your fortune out.

@@TransConBrillianceYou need some evidence for that claim. If your claim is true, no secure transaction can happen. We can't even trust your account. It is probably hacked.

With AI, your voice can be imitated as well. Physical key is the only way I feel comfortable about my money not being stolen.

@@nfb1000 except my cell can't be cloned and they can't take over my phone number. I've blocked sim swap, devices change and number port. The brokerage calls me to confirm any transaction request outside our monthly withdrawal or change in standing order for destination account. If they can't take over my cell and the cell is the numbers they call, they can't use AI voice. My wife I can only answer our cellphones.

Do you have 2FA setup using an app or SMS before this happened?

​@@xaxb4178that does not help if they got the social security number.

What can happen if a browser saves a password?

Why not?

@@tomcavanaugh5237 If you go to a site that has undetected malware, the browser can be convinced to give out all stored passwords. Plus of course if someone gains access to your physical device

Because if the computer/phone/device on which the browser is used gets hacked, the hacker has your browsing history plus the passwords for those sites.

To be fair, your bank is likely on that list too.

I doubt Fidelity would call instead they would send a letter. You should call Fidelity directly

@@nashtrucker I have a VP CFP at Fidelity who I meet with every quarter at no additional cost. She called me personally. I also received a letter in the mail 3 days later.

@@nashtrucker I asked a Fidelity rep about "calling me" this morning and he said they do both. If you are affected by a data breach or something nefarious with your accounts they will send a letter and call you.

@@nashtrucker- Fidelity did call some customers directly before the letters were sent out.