Let me tell you why I am sending you this email. While investigating client reports about the industry-wide issue of investment-related SPAM, we recently discovered and eliminated unauthorized code from our systems. This code allowed certain client information stored in one of our databases, including email addresses, to be retrieved by an external source.
BUT, spam started showing up. As a result, several people that had used these unique addresses notified TD Ameritrade and TD Ameritrade launched an investigation. What they discovered is some server-side code that allows someone to retrieve all sorts of customer data, like E-Mail addresses and SSN's:
While Social Security Numbers are stored in this particular database, we have no evidence to establish that they were retrieved or used to commit identity theft. To further protect you, we have hired ID Analytics, which specializes in identity risk, to investigate and monitor potential identity theft. ID Analytics provides identity risk services to many of the country's largest banks and telecommunication companies, as well as government agencies. Following its initial evaluation, ID Analytics found no evidence of identity theft as a result of this data breach.
Their comment that "While SSN's are stored in this particular database, we have no evidence to establish that they were retrieved or used to commit identity theft." Well, they have no evidence that they weren't either.
In this day and age this level of incompetence is inexcusable!
Comment