“The bottom line is that unlike a credit card with federal law protections, and unlike a bank account where lack of authorization will restore funds (e.g., a forged check), a brokerage account has no such legal protections,” McCreary said.
The Securities Investor Protection Corp., which functions for brokerage accounts in a way similar to the FDIC for U.S. bank accounts, does not cover situations in which money and securities are stolen due to a hack.
There is not much in the way of protection for international investors seeking compensation, either. Those in Europe may have the option to pursue in the General Data Protection Regulation, said Simon Shooter, a partner at law firm Bird & Bird in London who heads its cybersecurity group.
GDPR is a stringent regime governing how companies gather and use citizens’ information, giving consumers more control of their data. Investors could have a right to some compensation if a hacked firm did not comply with GDPR requirements when it comes to the security and safety of data.
