News Blog Subscribe to News Blog
September 14, 2007 12:52 PM PDT

TD Ameritrade's 6 million customers hit with security breach

Posted by Dawn Kawamoto

Online trading company TD Ameritrade alerted more than 6 million customers Friday that a security breach occurred with its client information database.

The database contained such sensitive information as clients' names, Social Security numbers, dates of birth, addresses, phone numbers and trading activity.

Ameritrade, however, stressed that it has no evidence that Social Security numbers and client demographics, such as birth dates and trading activity information, were retrieved or used to commit identity theft. The company also notes that Ameritrade's user log-ins and passwords were not part of the database.

The discovery was made a couple of weeks ago, when the online broker learned that investment-related spam had infiltrated the brokers' system. The malicious code allowed a hacker to access some of the information stored in the database.

A TD Ameritrade spokeswoman declined to give further details of the security breach, noting that the investigation is still ongoing.

But one security expert said it could have happened one of two ways.

"There are only two different ways this could have happened. There was either a vulnerability with their Web site and it was hacked, or someone internally gained access with a Trojan horse," said Graham Cluley, senior technology consultant at Sophos.

He warned that Ameritrade clients should be on the lookout for phishing attempts, which try to steal users' log-ins and passwords by lulling them into believing the e-mail is being sent by the online broker.

Hackers may also try to use the information to run a pump-and-dump scheme, in which certain stocks are touted to clients, driving up the stock price before the attackers dump the stock.

Ameritrade said it hired ID Analytics to conduct a forensics test to ascertain what information, if any, has been compromised. It has also posted more information on its Web site.

Recent posts from News Blog
HP to launch fall line of teen PC products
Hooray! Yahoo Mail ditches tagline ads
Conde Nast buys Ars Technica
Sugar Labs will make OLPC interface available for Eee PC, others
Dell spikes game site with Alienware systems
Add a Comment (Log in or register) 5 comments (Page 1 of 1)
The spam started long ago - so this is the reason?
by Doctor B September 14, 2007 6:56 PM PDT
TD Ameritrade states that the information was used to send spam. If you search for "Ameritrade spam" on google, you can see that people (including myself) have been receiving spam on addresses given ONLY to Ameritrade for quite some time; a quick look just now turned up discussions from 2005 (there may or may not be earlier ones, I only looked at a few search results). I wrote to them several times to complain about this, and was told that they were investigating (or had investigated) and had not found any evidence of a security breach. However, it sounds to me now like this has been going on for all that time.
Reply to this comment View reply
the email addresses were stolen a long time ago
by tomblonde September 14, 2007 7:58 PM PDT
I gave a VERY unique email addy to tdameritrade and gave it to no-one else. I started getting a non-tdameritrade spam at that address nearly a year ago.
Reply to this comment View reply
They lie.
by www.sorehands.com September 14, 2007 9:06 PM PDT
I complained about this multiple times over the last 6 months. They claimed it must have been a virus that got the e-mail address from my system and sent it to the spammmers. Impossible, I run OS/2.
Reply to this comment
Powered by Jive Software
advertisement

  • About News Blog

  • Recent posts on technology, trends, and more.

Add this feed to your online news reader
Google
Yahoo
MSN

News Blog topics

Most popular stories

  1. Images: Microsoft telescope puts universe on your desktop

  2. Photos: Cracking open the Atari 2600

  3. This VC forecast scares the pants off of me

  4. End of Intel, AMD duopoly near? Via readies Isaiah chip

  5. Photos: Microsoft previews 2008 Xbox games

Latest tech news headlines

All News.com headlines »

Featured blogs

Beyond Binary by Ina Fried

Coop's Corner by Charles Cooper

Defense in Depth by Robert Vamosi

Geek Gestalt by Daniel Terdiman

Green Tech

One More Thing by Tom Krazit

Outside the Lines by Dan Farber

The Iconoclast by Declan McCullagh

The Social by Caroline McCarthy

Underexposed by Stephen Shankland

advertisement
Welcome (log out) |View profile
Log in | Sign up Why join?
On TechRepublic: 3 habits of highly ineffective employees
Advanced
search
advertisementGet more done with Windows Mobile
Advanced
search
Visit other CNET Networks sites: