VANGUARD ALERT: Security Disabled
 

This morning, an email from Vanguard displayed the above in a big, red banner followed by text informing me someone had tried to logon to my wife's Vanguard account with an incorrect password multiple times and they had disabled access to the account. After verifying the e-mail was legit I called the number in the e-mail and eventually reached a live person in support. They verified someone had tried 3 times to logon to her account at 3:20 A.M.

Per VANGUARD security: one of two scenarios were likely. Someone with a user name very similar to my wife's had made a typo in entering their username causing them to try to logon to her account with their password OR someone who had wife's username had tried fraudulently to gain access to her account . We have 2FA on the accounts so that should have prevented access even if they got past the password.

Per their recommendation, I reregistered her account under a new username and password.
Would really like to know which case it was but will never know ....

Anyway, that message will definidtely get your attention first thing in the morning !!

Great news that 1. nothing bad happened, 2. it was caught by them, and 3. you were notified by them.

Security (especially of the Cyber variety), especially for financial institutions, is HUGE these days. It's good to hear that they seem to have a decent line on it.

Glad nothing bad happened. Take that as a win!
Something has been going on at Vanguard. Last year they turned their IRA accounts over to Ascensus to manage. Ascensus charges tons of fees and has crappy customer service. They are not set up to handle individual IRAs.
My IRA was partially funded by my employer, so Ascensus made my employer the account holder!
I made a QCD to one of the charities I support, and the check they sent had my ex-employer as the payee. The charity sent my ex-employer the 1099. I only caught it because I'm on good terms with my ex-employer and she called me and asked "WTF?"

That's surprising, Vanguard is supposed to be an excellent company to do business with. I suspect that issue will get straightened out after they realize that there are enough issues going on.

Wouldn't they have needed your phone or registered email address in order to access? I can't get into my own account without one or the other.

They used to be. I've been with them for 20 years. But something happened and they decided to wash their hands of the IRA accounts. They sold the business to Ascensus. We account holders had no say in it.

Yes, I have 2 factor authentication so they would have needed my Phone .

As I will most likely never know exactly what happened, to preclude someone inadvertently entering her username, the reregistered account has a username with some added numeric characters (and no, not any numbers relating to birthday, etc..)

That is often the case with that sort of thing. Mortgages being sold off to new co happens too. We have brokerage and Roth IRA, and those are still with Vanguard. I guess it's just regular IRA that got sold off.

It took over a year to twist Vanguard's claws off of my Mother's (and father's) funds as a trustee to their estate(s).

Good call.

Patrick: Which IRA accounts did they sell? Our accounts are a traditional IRAs and nothing has changed ?

That's wild! Vanguard was one of the easiest for me. T. Rowe Price was BY FAR the biggest pain in my ass.

hope you cross referenced that phone # in the email with something else.

We all know not to click the links but . . . yadda yadda

SmileWavy

Same here. We have a traditional IRA, ROTH 403B, & a brokerage acct. Wasn't aware of any sales.

https://www.ascensus.com/about-us/press-room/news/ascensus-to-acquire-vanguard-individual-401-k-multi-sep-and-simple-ira-plans/

^^^ So it looks like it's not *all* IRA accounts, but just those related to employers (401k, 403b, multi-SEP). So non-employer sponsored IRA and Roth accounts aren't affected, and neither are brokerage accounts.

Interesting. Kind of amusing (to me). I work for a huge bank. When I first started working for the bank, they handled our 401k. At some point, they farmed that out to another company. That seemed weird to me.

Yeah, that doesn't make sense. It seems like administering a retirement plan (401k/403b) would be a win-win. OK, there's the hassle of running a company. But you can't lose. You charge quarterly fees for your management services, whether the accounts gain or lose money. And you're constantly getting free micro-loans from all the money people are contributing to their retirement plans.

When you get your paycheck, direct deposit goes into your bank account on the day of the paycheck. But the money that gets deducted from your paycheck to get deposited into your retirement account takes 2-3 weeks to get there. Get enough of those going, and you've always got a constant stream of interest-free micro-loans to use/invest.

I know you said you verified the email. I presume you opened the header and verified some things.

But still, I'd call a known number directly from their website as opposed to a number in an email...

I have investments spread over several places, including vanguard.
We have seen the enemy and it is us ;)

They might not hear one voice, but if a bunch of voices on facepage or X all had the same concerns, they might hear.
Especially around board member election time.

BTW, proxy voting should be outlawed IMO