Cybercriminal groups, leveraging advanced phishing kits from a China-based collective (e.g., 'Outsider'), targeted Charles Schwab customers to compromise brokerage accounts. The attackers exploited SMS-based multi-factor authentication (MFA) to gain unauthorized access, then used hijacked accounts to manipulate foreign stock prices via a ‘ramp-and-dump’ scheme. By coordinating purchases of low-value stocks (e.g., Chinese IPOs or penny stocks) across multiple compromised accounts, they artificially inflated share prices before dumping holdings—leaving legitimate investors with worthless assets. The FBI and FINRA flagged this as a systemic threat, with victims facing unrecoverable financial losses due to the collapse of manipulated stocks. Schwab acknowledged the risk but noted industry-wide vulnerabilities in SMS-based verification. The attack also exposed weaknesses in brokerage MFA systems, where phished one-time codes enabled persistent account takeovers. While Schwab implemented mitigations (e.g., client advisories), the fraudsters’ use of pre-positioned trades and cross-border coordination (via Chinese exchanges) minimized traceability, amplifying reputational and financial harm.

The Maine Office of the Attorney General disclosed a data breach at Charles Schwab & Co., Inc. on June 8, 2023, stemming from insider wrongdoing discovered on April 19, 2023. The incident compromised sensitive personal data, including driver’s license numbers, affecting 774 individuals, of which 4 were Maine residents. The breach involved unauthorized access or misuse of internal systems by an employee or trusted insider, leading to the exposure of personally identifiable information (PII). While the exact scope of the stolen data beyond driver’s license numbers remains undisclosed, such breaches typically heighten risks of identity theft, financial fraud, or targeted phishing attacks against victims. The company likely faced regulatory scrutiny, potential legal liabilities, and reputational damage due to the failure to prevent insider threats. Insider-driven breaches are particularly concerning as they exploit legitimate access privileges, bypassing traditional cybersecurity defenses. The incident underscores vulnerabilities in internal controls, monitoring, and employee vetting processes, which are critical for financial institutions handling high-value client data. No evidence suggests ransomware or external cyberattacks were involved, focusing the blame solely on internal malfeasance.

The Maine Office of the Attorney General reported that Charles Schwab & Co., Inc. experienced a data breach involving inadvertent disclosure of personal information from May 18, 2021, to December 16, 2021. Approximately 5,083 individuals were potentially affected, with 15 residents specifically noted. Identity theft protection services from IdentityForce were offered to those affected for 24 months.

The California Office of the Attorney General reported a data breach involving Charles Schwab & Co., Inc. on May 3, 2016. The breach involved unusual login activity starting on or after March 25, 2016, potentially exposing client names and account numbers, although it is unclear if any actual data was accessed. No specific number of affected individuals was provided.

The Washington State Office of the Attorney General reported a data breach involving Charles Schwab on October 1, 2015. The breach occurred on August 25, 2015, and affected 52 residents in Washington, with sensitive information including names, Social Security numbers, and full dates of birth being disclosed.