Hacker Gained Access To Data On Millions Of TD Ameritrade Customers - InformationWeek
Software // Enterprise Applications
01:46 PM

Hacker Gained Access To Data On Millions Of TD Ameritrade Customers

The online brokerage is blaming the database breach on "unauthorized code" that was found in the network. E-mail addresses, names and phone numbers were stolen.

Online brokerage TD Ameritrade Holding Corp. announced today that a hacker broke into one of its databases and stole personally identifying information for some of its 6.3 million customers.

An online advisory and letters to account holders disclosed that names, e-mail addresses, phone numbers and home addresses were taken in the data breach. Client assets, along with user IDs, personal identification numbers and passwords, were not stored in the compromised database.

However, the advisory noted that it's unclear if account numbers, dates of birth and Social Security numbers were stolen. The company said there is no evidence that any customers were the victim of identity theft because of this security breach.

TD Ameritrade did not say when the hackers got into the database or how long they remained there.

"While the financial assets our clients hold with us were never touched, and there is no evidence that our cleints' Social Security numbers were taken, we understand that this issue has increased unwanted spam, which is annoying and inconvenient for them," said Joe Moglia, chief executive officer of TD Ameritrade, in a statement. "We sincerely apologize for that and any added concern this may have caused."

TD Ameritrade tracked down the break-in while doing an internal investigation into stock-related spam. The company called in forensic investigators and they discovered "unauthorized code" in their system that provided access for the hacker or hackers. According to the advisory, the code has been eliminated from the system.

Moglia, speaking in an online video-taped message to customers, said he is "confidant" that they have figured out how the information was taken.

"This is an issue of the global e-commerce that will be with us the rest of our lives," he said in the video message. "You have my promise that we will remain totally committed to protecting the trust you've placed in us."

According to the Privacy Rights Clearinghouse's list of data breaches, TD Ameritrade lost a backup tape in 2005 that contained 200,000 records. And in December of 2006, a missing laptop contained unencrypted information, including names, addresses, birthdates and Social Security numbers. That incident affected about 300 current and former employees.

Today, the company is telling customers that they don't have to do anything with their accounts. They can change their passwords, but it's not necessary, according to an advisory.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll