Boy did TD Ameritrade screw up

This topic is closed.
  • cgallery
    Veteran Member
    • Sep 2004
    • 4503
    • Milwaukee, WI
    • BT3K

    Boy did TD Ameritrade screw up

    Let me tell you why I am sending you this email. While investigating client reports about the industry-wide issue of investment-related SPAM, we recently discovered and eliminated unauthorized code from our systems. This code allowed certain client information stored in one of our databases, including email addresses, to be retrieved by an external source.
    So this is what they are saying. Some of their clients used a unique E-Mail address that was provided only to TD Ameritrade. Some people (myself included) have the ability to generate an E-Mail address like "phil3432ameritrade@domain.com." This unique E-Mail address would normally never be guessed by a spammer. So as long as I don't give it to anyone but Ameritrade, you should never expect E-Mail from spammers to show up at that address.

    BUT, spam started showing up. As a result, several people that had used these unique addresses notified TD Ameritrade and TD Ameritrade launched an investigation. What they discovered is some server-side code that allows someone to retrieve all sorts of customer data, like E-Mail addresses and SSNs:

    While Social Security Numbers are stored in this particular database, we have no evidence to establish that they were retrieved or used to commit identity theft. To further protect you, we have hired ID Analytics, which specializes in identity risk, to investigate and monitor potential identity theft. ID Analytics provides identity risk services to many of the country's largest banks and telecommunication companies, as well as government agencies. Following its initial evaluation, ID Analytics found no evidence of identity theft as a result of this data breach.
    I am beside myself because the crooks apparently had automated their methods for downloading this stuff from TD Ameritrade's servers! TD Ameritrade does not say how long it took before they acted, or how long the compromise is thought to have existed. Nothing.

    Their comment that "While SSN's are stored in this particular database, we have no evidence to establish that they were retrieved or used to commit identity theft." Well, they have no evidence that they weren't either.

    In this day and age this level of incompetence is inexcusable!
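
The leak-detection idea described in the post above (an address handed to exactly one company), shown as an added example that is not part of the original thread. The key, the alias layout, the sender domains and the log entries are all constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: a key only the mailbox owner knows
DOMAIN = "domain.com"             # placeholder domain, as used in the post

def alias_for(user: str, vendor: str) -> str:
    """Derive an unguessable per-vendor address: user.vendor.tag@DOMAIN."""
    user, vendor = user.lower(), vendor.lower()
    tag = hmac.new(SECRET, f"{user}:{vendor}".encode(), hashlib.sha256).hexdigest()[:8]
    return f"{user}.{vendor}.{tag}@{DOMAIN}"

def vendor_of(address: str):
    """Return the vendor an alias was issued to, or None if the tag fails to verify."""
    address = address.lower()
    local, _, domain = address.partition("@")
    parts = local.split(".")
    if domain != DOMAIN or len(parts) != 3:
        return None
    user, vendor, _tag = parts
    # Recompute the alias; a guessed or altered tag will not match.
    return vendor if hmac.compare_digest(alias_for(user, vendor), address) else None

def find_leaks(messages, expected_senders):
    """Map each vendor to the unexpected sender domains seen on its private alias."""
    leaks = {}
    for recipient, sender_domain in messages:
        vendor = vendor_of(recipient)
        if vendor is None:
            continue  # not one of our issued aliases
        sender_domain = sender_domain.lower()
        if sender_domain not in expected_senders.get(vendor, set()):
            leaks.setdefault(vendor, []).append(sender_domain)
    return leaks

# Constructed sample data: (recipient address, sender's domain) per delivered message.
EXPECTED = {"ameritrade": {"ameritrade.example"}, "bank": {"bank.example"}}
SAMPLE_LOG = [
    (alias_for("phil", "ameritrade"), "ameritrade.example"),
    (alias_for("phil", "ameritrade"), "pennystock-tips.example"),
    (alias_for("phil", "bank"), "bank.example"),
    (alias_for("phil", "ameritrade"), "hot-picks.example"),
    ("phil.ameritrade.guess@domain.com", "hot-picks.example"),
]

if __name__ == "__main__":
    for vendor, senders in find_leaks(SAMPLE_LOG, EXPECTED).items():
        print(f"alias issued to {vendor!r} received mail from: {', '.join(senders)}")
```

Mail arriving on a verified alias from anyone other than the company it was issued to means the address left that company's systems; mail to an alias whose tag does not verify was merely guessed and says nothing about a leak.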
  • JR
    The Full Monte
    • Feb 2004
    • 5633
    • Eugene, OR
    • BT3000

    #2
    Ouch! That really sucks.

    If I were in your shoes I'd be worried about the Ameritrade account first. Do a careful audit to make sure nothing's getting moved around that you didn't expect.

    Next, I'd worry about the typical ID theft issues. You can get free credit reports from the big three companies. Go over them carefully, looking for new credit cards or new accounts you weren't aware of.

    I'd send you to Schwab or E-trade, but who knows if they're any better.

    Good luck,
    JR


    • MilDoc

      #3
      Very few computers are safe. Folks & companies just don't seem to get that. And companies don't try hard enough to make their systems safe.


      • Bob Webb
        Established Member
        • Feb 2003
        • 262
        • Garland, TX.

        #4
        I read an article in the paper the other day about "locking" your credit information. For a $10.00 fee the credit reporting agencies will lock out all credit inquiries unless authorized by you. This way no one can access your information. One thing I don't remember is whether you are notified when someone tries to get your info.

        I know Wells Fargo bank offers a service that does notify you any time someone checks your credit. We use it and it is helpful.

        Good Luck.
