Cybercriminals in Russia have stolen tens of millions of dollars from U.S. 401(k) accounts, the Federal Bureau of Investigation and the Securities and Exchange Commission have found, United Press International reports. Companies whose customers have had their accounts hacked into include E*Trade Financial, Ameritrade Holding, Fidelity Investments, Merrill Lynch, Charles Schwab and Vanguard.

“You could wake up one morning and find all your money in your retirement account or in your trading account is gone,” said SEC Internet enforcement chief John Reed Stark.

The people who have hacked into these accounts cash out the balances and either wire the money to their own account or quickly buy and sell shares in worthless stock they control. In many cases, they have obtained users’ identities and passwords when they used public Internet portals at hotel business centers and other sites.

Similar schemes have taken place in India, Hong Kong and Malaysia, according to regulators.

Subscribe Now

Access to premium content including in-depth coverage of mutual funds, hedge funds, 401(K)s, 529 plans, and more.

3-Week Free Trial

Insight and analysis into the management, marketing, operations and technology of the asset management industry.