Scottrade Reveals Breach Affecting 4.6M Customers
Scottrade said it confirmed a breach after being notified that federal law enforcement officials were investigating cybersecurity crimes involving the theft of information from financial services companies.
Scottrade notes that contact information was the focus of the breach, and Brian Krebs at the KrebsOnSecurity blog suggests that the intruders are likely to use the information to facilitate stock scams.
Unauthorized access to the network was gained for several months between late 2013 and early 2014, and the incident may have affected anyone who had a Scottrade account prior to February 2014, a notification and FAQ explained.
The online brokerage firm added that the known intrusion point had been secured, and an internal data forensics investigation on the incident had been conducted with the help of a leading computer security firm. No client funds, or the trading platform itself, were touched or accessed. Although the database contained names, addresses, email addresses and Social Security numbers of customers, the company indicated that the hackers appeared to exfiltrate only names and addresses of customers.
“All client passwords remained encrypted at all times”, the company wrote in its email and web site notice. The company is offering identity protection services to customers who were potentially affected.