Couple loses $180,000 from retirement savings after accounts hacked

A Chicago area couple logged into their retirement account only to find out it had been hacked, and a large chunk of their retirement savings was gone, and the response from the online brokerage firm is only adding insult to injury.

“Look at these trades at 3:32. That’s after the market closed. I usually don’t place trades after the market has closed,” Erez Hartal said.

Tali and Erez Hartal keep their retirement online trading accounts at Tastytrade, a firm known for being user friendly and having good technical analysis. But while on a vacation in August, the couple started getting emails about activity on their accounts.

“I logged in, and I was mortified,” Erez said.

The Hartals’ accounts had been breached. The couple saw dozens of trades they hadn’t approved, some made seconds apart.

“A lot of trades, very frequent, buy and sell for huge losses,” Erez said.

In a short amount of time, the hacker accrued huge losses between the two accounts; $180,000 gone, a huge blow to their retirement savings.

“It makes us think twice of if we’ll be able to retire at all, and if so, when,” Tali said.

The couple reported the hack to the Wilmette Police Department, which was able to confirm the login on their account came from a New Jersey IP address.

In an email exchange, Tastytrade confirmed that the “intrusion” took place, but said it wasn’t the company’s fault, because the couple failed to sign up for an optional two-factor authentication protection.

“We rolled out this additional security feature to mitigate the risk of this occurring to our customers,” the email from a fraud manager read.

“I know that this was an option, but it was never made mandatory,” Erez said.

Cybersecurity expert Nicole Jiang, CEO and co-founder of Fable Security, said two-factor or multi-factor authentication is a good protective step, allowing users to fully verify they are who they say they are. But even text or email codes are proving to be less secure than biometric factors like your voice or fingerprint.

She said this step should be required.

“I highly recommend businesses to reinforce multiple factors. I think that would reduce a significant amount of fraudulent attempts like this,” she said.

Tastytrade agreed to reimburse half of the Hartals’ loss, but the couple doesn’t think that’s enough.

“If they didn’t think that they were at fault, they wouldn’t even offer the 50%,” Tali said.

CBS News Chicago reached out to the brokerage firm multiple times to ask about their policies, but has not received a response.

The Hartals have since signed up for two-factor authentication and hope, if anything, their story can serve as a warning.

“I know it’s inconvenient, but it’s a better protection,” Erez said.

In the company’s response to the couple, they pointed out that the customer agreement that they signed required that they “protect sensitive account information.” The couple said they’re considering legal action.

More from CBS News