I Lost $45,500 to a Wealth Management Hack at 84. Am I Stuck With This Loss?

An 84-year-old widow from Chattanooga named Jean called into The Ramsey Show after $45,500 vanished from her wealth management account. She had $169,790 in the account total. The thieves took a slice and left. “I would never have known about it if they hadn’t sent me a letter asking if I had changed my email and my bank account,” she told Dave Ramsey.

Ramsey’s reaction was immediate. “Their site got hacked by an identity thief. I think that’s on them,” he said. His framing matters because most account holders assume a fraud loss is theirs to absorb. Ramsey says the opposite. If the firm holding your money let someone access it, the firm owes you the money back.

The Verdict: Ramsey Is Right, and the Bank Analogy Holds

The advice is sound. Ramsey compared the wealth management firm to a bank: “Let’s pretend you had a savings account at a bank and a thief got into the savings account on the bank and stole the money. It’s the same thing. The bank would be liable.” That mirrors the actual legal structure.

For consumer bank accounts, Regulation E caps a customer’s liability for unauthorized electronic transfers at $50 if reported within two business days, $500 if reported within 60 days, and unlimited only if the customer sits on the loss past 60 days. For brokerage and wealth management accounts, protections come from SEC and FINRA rules plus the firm’s customer agreement, which almost always promises to make clients whole for unauthorized activity the client did not enable through negligence.

Here is the mechanic Jean’s case turns on. Hackers didn’t guess her password. According to Ramsey’s co-host George Kamel, the thieves had enough personal information to set up another bank account and link the two. Then, as Ramsey put it, “These goobs release this money to a fresh email and fresh address that they did not already have on file.” A new email and a new linked bank account should trigger identity verification at any competent firm. Releasing funds to both without confirmation is institutional failure.

Jean’s loss is $45,500. If the firm’s account agreement promises customer reimbursement for unauthorized transfers (most do), and the customer did not share credentials or approve the transfer, the firm’s insurance covers the loss. The firm pays Jean, then pursues recovery through its bond carrier and law enforcement. Jean’s job is to demand the refund in writing.

The Variable That Decides the Outcome

Whether a victim like Jean recovers depends on whether the unauthorized activity stems from the firm’s failure rather than the customer’s. Two scenarios apply.

Scenario one: the customer clicked a phishing link, handed over a one-time passcode, and approved the wire from their own device. Most firms deny that claim. The customer authenticated the transfer, even if tricked.

Scenario two, which matches Jean: the firm changed the email on file, accepted a brand-new linked external account, and released funds without re-verifying identity through a known channel. That is the firm’s control failure. Ramsey flagged the same red flag: “Why did they only get $45,000? That’s what I want to know.” A partial theft suggests the thieves were testing how much the firm would release without scrutiny.

What Jean and Anyone in Her Position Should Do

1. Lock the remaining funds first. Ramsey was emphatic: “You need to make sure the remaining money is safe. That’s the first thing.” Freeze the account, change every credential, and require call-back verification on any future transfer.
2. Demand reimbursement in writing. Send a written request citing the firm’s customer agreement and Regulation E principles. Ask the question Ramsey scripted: “When are you guys going to refund me the money that you lost because your account that I have with you was hacked?”
3. File complaints that create paper. The CFPB takes complaints on wealth and banking products. The agency received more than 5.8 million credit or consumer reporting complaints in 2025 alone, and firms are required to respond. Add FINRA and your state securities regulator.
4. Add identity monitoring. Jean already enrolled in Zander Insurance, the identity theft plan Ramsey has long recommended, which includes a restoration team that handles the paperwork. Restoration support matters more than the alert feed.
5. Get a lawyer who takes contingency cases. A securities arbitration attorney working on contingency has every incentive to take a clean case like hers.

When a financial institution fails to verify who is moving your money, the loss belongs on its books. Push back in writing, and push hard.