The world of online trading can be very profitable. It can also be dangerous. And not just in terms of having a stock fail after you’ve sunk a lot of your money into it. On a more basic note, it is dangerous if your account becomes compromised because that means that someone not only gets your personal data, they also gain the ability to control your money and invest it in a variety of stocks, with no profit coming back to you. This bizarre scenario seems to be even more likely if you work with LPL Financial because it reported yesterday that it was hacked for the second time in one year.

In this particular instance, the hack involved cracking the passwords of fourteen financial advisors and their assistances. In all, this exposed the personal data of over 10,000 clients. While it isn’t clear at this point if the hackers illegally used any of the data, it is clear that their intention was to run “pump and dump” schemes which involve penny stocks. Thankfully, despite not catching the breach with any sort of quickness, LPL was able to prevent these schemes from costing any of their customers’ money.

What was available to the hackers was not only names of investors, but also home addresses, social security numbers, some bank routing numbers, and the personal information of anyone set up as a non-client trustee on an account. This expands the number to beyond the original 10,000, but no word yet on how much wider this makes the pool of potential victims of identity theft. At a more basic level, LPL is unable to tell whether or not hackers actually even accessed the data, let alone took it and used it for other identity crimes.

While the breach began last July, it was not reported to the public until now. Internal memos released by the company show that they knew about the problem and were trying to fix in back in March. No word, yet, on why they waited so long to notify all the affected people in writing. With this being the second breach in less than twelve months, LPL has taken steps to increase all of its security measures. In created a new position, a chief security/privacy officer. Time will tell whether or not any new features implemented under this position will prove to be effective.

In the meantime, despite LPL Financial bringing in over $3 billion last year, they have not said anything about providing identity theft service subscription to its clients. These services, such as that provided by Lifelock, contact all three credit bureaus and monitor activity, such as credit card applications and the filing of loans. Lifelock then contacts the person to make sure that they are really involved and that someone else isn’t illegally using their name and social security number to try to defraud them while committing identity theft.