Identity Theft Blog

On Friday the Online brokerage TD Ameritrade Holding Corp. said that one of its databases had been hacked and more than 6.3 million customers had their contact information stolen. The database also contained customer’s Social Security numbers and account numbers. Ameritrade has reported that only the contact information was taken and not the Social Security numbers and account information, which makes me wonder why a hacker would only take customer’s contact information when presented with so much more worthy information. A list of emails verses a list of Social Security numbers? Spamming verses Identity Theft? Which list do you think would be more lucrative to obtain?

Apparently Ameritrade has known about the hacking incident since at least May and the data on the servers may have been vulnerable since October. Ameritrade claims that the problem has been recently fixed, which is great, but it does not help those customers whose information has already been compromised.
The hacking incident was discovered when customers reported receiving unwanted e-mails on accounts used only for Ameritrade. Two of the customers ended up suing Ameritrade in federal court. The two clients who sued Ameritrade wanted the court to order the online brokerage company to tell customers about the problem but Ameritrade beat them to the punch and issued a press release before the hearing could be held.

Ameritrade is looking into the theft and cooperating with investigators from the FBI, Securities and Exchange Commission, Financial Industry Regulatory Authority and local authorities. They also hired ID Analytics Inc. to help with the investigation and Ameritrade plans to continue using them to monitor their servers for potential identity theft.

Mike Cook, who is the chief operating officer for ID Analytics, stated that they will keep checking customer’s information against other databases to watch for identity theft since it could occur later.

“Just because a breached file is not misused today, it doesn’t mean that it won’t be misused in the future,” Cook said.

The Ameritrade hacking incident is small when compared to the data breach that occurred earlier this year at TJX Cos. which was the biggest known data breach at a company. The TJX incident consisted of the theft of at least 45 million credit card numbers (yep, I was one of those customers). But the Ameritrade incident is still larger than most data breaches.

This just goes to show you how vulnerable our information really is and that even though we do all we can to keep our information safe, nothing is 100% full-proof.

For those of you who are clients of Ameritrade, I would suggest:

• Opening a new Ameritrade account.
• I would also suggest getting our Free Identity Theft Ebook to prevent Identity Theft.
• If you have been a victim, I would suggest you follow the steps outlined in this list.
Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 

This entry was posted on Saturday, September 15th, 2007 at 5:32 pm and is filed under Identity Theft News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.