Two Plus Two Newer Archives  

Go Back   Two Plus Two Newer Archives > Other Topics > Business, Finance, and Investing

Reply
 
Thread Tools Display Modes
  #1  
Old 09-14-2007, 06:14 PM
wiseheart wiseheart is offline
Senior Member
 
Join Date: Jun 2005
Posts: 1,507
Default TDAmeritrade Data breach (only of emails so they say)

Honestly, the fact that they pooh-pooh this makes me feel like they aren't taking their IT security serious enough.

[ QUOTE ]
You do not need to make any changes to your TD AMERITRADE accounts or to change the way you do business with us.

Dear xxxxxx,

Let me tell you why I am sending you this email. While investigating client reports about the industry-wide issue of investment-related SPAM, we recently discovered and eliminated unauthorized code from our systems. This code allowed certain client information stored in one of our databases, including email addresses, to be retrieved by an external source.

Please be assured that UserIDs and passwords are not included in this database, and we can confirm that your assets remain secure at TD AMERITRADE.

What we want you to know:
Once we discovered the unauthorized code, we took immediate action to eliminate it. We are confident that we have identified the means by which the information was accessed and have taken appropriate steps to prevent this from reoccurring.
You continue to be covered by our Asset Protection Guarantee, which protects you and your assets from any unauthorized activity that may occur in your account through no fault of your own. If you lose cash or securities as a result of such activity, we will reimburse you for the cash or shares of securities you lost.
While Social Security Numbers are stored in this particular database, we have no evidence to establish that they were retrieved or used to commit identity theft. To further protect you, we have hired ID Analytics, which specializes in identity risk, to investigate and monitor potential identity theft. ID Analytics provides identity risk services to many of the country's largest banks and telecommunication companies, as well as government agencies. Following its initial evaluation, ID Analytics found no evidence of identity theft as a result of this data breach. We will retain its services on an ongoing basis to support your TD AMERITRADE accounts and to monitor for evidence of identity theft. We will alert and advise you if any is found. As always, we encourage you to remain alert in guarding your personal information, regularly review your account statements and monitor your credit activity from the major reporting agencies.

For more information on protecting yourself against the possibility of security threats, please visit our online Security Center.

We sincerely apologize to you for this situation and want to assure you that protecting the security and privacy of your assets and information remains a top priority. We have made and will continue to make significant investments in security software, systems and procedures, and we will remain vigilant about protecting you.

We want to answer any questions and address any concerns that you may have about this matter. For more information, including a list of Frequently Asked Questions (FAQs) and an additional message from me, please go to www.amtd.com or contact Client Services. Please note that we are anticipating increased call volume during this period, which may lead to long wait times. We encourage you to review the FAQs and, if you have a question, to log on to your account and send us a secure email. Once again, please be assured that your assets are secure at TD AMERITRADE.

[/ QUOTE ]
Reply With Quote
  #2  
Old 09-14-2007, 06:57 PM
BradleyT BradleyT is offline
Senior Member
 
Join Date: Dec 2003
Location: Vote Ron Paul 08
Posts: 7,087
Default Re: TDAmeritrade Data breach (only of emails so they say)

I started to make that same post earlier this morning but didn't submit it.

I love how they play down the fact that our usernames and passwords weren't compromised BUT our SSNs were in that database. I would notice unusual activity in my ameritrade account way before I'd find out someone has opened 8 new credit cards in my name.
Reply With Quote
  #3  
Old 09-14-2007, 09:49 PM
jono jono is offline
Senior Member
 
Join Date: Jan 2005
Location: West Coast
Posts: 651
Default Re: TDAmeritrade Data breach (only of emails so they say)

so they have our emails and SSN connected? Or are they 2 separate groups of info that they have?
Reply With Quote
  #4  
Old 09-14-2007, 09:53 PM
wiseheart wiseheart is offline
Senior Member
 
Join Date: Jun 2005
Posts: 1,507
Default Re: TDAmeritrade Data breach (only of emails so they say)

It is hard to know what was compromised because they are claiming that even though the SSN's were there, none were taken...but who really knows they could just be covering their ass.

Maximum though I think is they would have our name, email, and SSN.
Reply With Quote
  #5  
Old 09-14-2007, 10:26 PM
jaydub jaydub is offline
Senior Member
 
Join Date: Dec 2004
Posts: 2,055
Default Re: TDAmeritrade Data breach (only of emails so they say)

[ QUOTE ]
I started to make that same post earlier this morning but didn't submit it.

I love how they play down the fact that our usernames and passwords weren't compromised BUT our SSNs were in that database. I would notice unusual activity in my ameritrade account way before I'd find out someone has opened 8 new credit cards in my name.

[/ QUOTE ]

Few possible reasons why they could be correct that emails were taken but no SSNs. I have no knowledge of the breach beyond the post, but have a background in infosec.

1. Account which ran the code had no access to the SSN field.
2. SSN field is encrypted (likely) and the account had no access to decrypt.
3. They have logs of all queries run against the database (almost certain) and have analyzed the logs, finding no access to SSN from this code.

Not saying that SSNs weren't compromised, just pointing out that the statement is feasibly true.

J
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 03:30 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.