And here we go again. It gets old to hear about large corporations and governmental bodies being hacked. But this time it’s investment firm TD Ameritrade that’s been hit. TD Ameritrade did an internal investigation upon finding a massive spam campaign aimed at stocks. It seems that the spammers had been targeting most of their clientèle. So, TD Ameritrade figured something was awry. That’s when they brought in an outside forensic firm to assess the situation. What they found was that a hacker had made entry into an internal database. But, the situation was not as bad as it could have been.
Client account information such as “UserIDs, personal identification numbers and passwords” were not breached. They were stored in a different database. However, “email addresses, names, addresses and phone numbers” were stolen and are being used maliciously. Now, having said that, TD Ameritrade spokespeople also said, “more sensitive information like account numbers, date of birth and Social Security Numbers is stored in this database, there is no evidence that it was taken.” That is obviously disconcerting.
But I was also delighted to read that upon seeing that information, TD Ameritrade hired an outside ID Theft specialty firm called ID Analytics. After a thorough investigation, ID Analytics issued this statement:
Following our thorough analysis, we found no evidence of identity theft related to TD AMERITRADE clients as a result of this issue…In our opinion, TD AMERITRADE is applying proven measures and technologies to help protect its clients from identity theft.
TD Ameritrade is retain ID Analytics to provide ongoing monitoring of client accounts. However, TD Ameritrade did not release information as to how client data was stolen in the first place. All we get is that someone had placed “unauthorized code” into their system. So, it could have been an inside job or the result of some security hole. In any case, it seems that TD Ameritrade has taken the right steps here. As far as we can tell so far, they have informed clients, identified the breach, brought in the right help, and remediated the problem. If that’s the case, I tip my hat to them. Many other companies do very poorly in this situation.
