Due to the way we separate personal information from investment information it would require a breach in multiple systems, each of which require MFA to access for your investment data to be useful to anyone.
In the extremely unlikely event of a breach that could compromise your data we would inform you as soon as we've identified it.
Since we do not have access to your brokerage credentials, there would be no way for someone to access your money or make trades from information on our servers in the event of a breach.