This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.

No Comments

TD AMERITRADE: Hacker X Did It!

Privacy, Professional, Technology Comments (0)

In a press release today, the TD AMERITRADE Holding Corporation asserted the venerable “Hacker X” defense:

OMAHA, Neb.–BUSINESS WIRE–TD AMERITRADE Holding Corporation has discovered and eliminated unauthorized code from its systems that allowed access to an internal database. The discovery was made as the result of an internal investigation of stock-related SPAM.

The Company commissioned forensic data experts to assist in its investigation of this issue. Results of their combined efforts reveal the following:

  • Client assets held in accounts with the Company remain secure as UserIDs, personal identification numbers and passwords were not stored in this particular database.
  • Information such as email addresses, names, addresses and phone numbers was retrieved from this database and affects TD AMERITRADE retail and institutional clients.
  • While more sensitive information like account numbers, date of birth and Social Security Numbers is stored in this database, there is no evidence that it was taken.

“While the financial assets our clients hold with us were never touched, and there is no evidence that our clients’ Social Security Numbers were taken, we understand that this issue has increased unwanted SPAM, which is annoying and inconvenient for them,” said Joe Moglia, chief executive officer. “We sincerely apologize for that and any added concern this may have caused.”

Hacker X is a busy, busy hacker. But we expect from someone who has been around for ten years now. Earlier this year, e360 Insight, LLC (a/k/a, e360insight.com, a/k/a e360data.com), asserted that Hacker X had visited them. That’s two in less than 6 months, and we’re not done with the year yet.

This time, I don’t doubt it. There probably was a data breach that resulted in more spam for TD AMERITRADE users. I’ve heard some of my friends and acquaintances mention that they were getting stock spam sent to email addresses that they had only ever made to use with TD AMERITRADE.

And now we know why.

But, more disturbing is the lack of discussion of human factors. This means one of two things:

1) Either Ameritrade has publicly accessible systems that made their databases vulnerable (even if they are protected by passwords);
2) Or, Ameritrade has (or had) an employee who put the malicious code on the system.

Even though they didn’t find any evidence that the names, social security numbers, and telephone numbers were taken, Hacker X would have to be a real idiot not to have taken them. I can’t imagine that “People With Enough Disposable Income To Trade on the Stock Market” would be something that identity thieves wouldn’t want. My guess is that Hacker X hasn’t gotten a high enough bid for this information yet.

Were I an Ameritrade customer, I’d probably be happy enough to stay with them, but I would be watching my credit report VERY carefully for the next year or two.

MickC @ September 14, 2007

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

More articles

Previous:
Next: