TD Ameritrade Suffer Breach of Customer Database

TD Ameritrade Holding Corporation found and deleted an unauthorized code in its network that allowed a third-party to access its internal database. It discovered the breach on making an internal investigation on stock-related SPAM.

Malware on the company's internal database might have allowed spammers to access names, phone numbers, addresses and email ids of around 6 Million customers. TD Ameritrade announced the data breach on 14 September 2007.

TD Ameritrade detected the damaging code in its database while performing an audit as part of an internal investigation of stock-related SPAM. Sources that were aware of the breach reported the malware to be similar to that applied on the data theft at Monster.com.

The company is continuing its investigation and the initial findings reveal that the purpose of the attack was not to access users' accounts but to obtain their addresses to use in spam campaigns. The hacked database also included dates of birth, Social Security numbers and account numbers. However, there is no evidence that this second set of information was stolen, the company said.

According to the CEO of TD Ameritrade, Joe Moglia, the thieves neither touched clients' financial assets nor their Social Security numbers. But this has increased the undesirable spam, which is both inconvenient and irritating for the clients. Darkreading published this news on 14 September 2007. Moglia also apologized for the inconvenience and any concern caused as a result of the incident.

Meanwhile, TD Ameritrade used the services of an external party, ID Analytics Inc., to probe the case and monitor for possible ID theft. ID Analytics' early evaluation found no signs of identity theft. The brokerage company has also detected the way the information theft was done and has taken necessary actions to stop repetition of such events.

In 2005, TD Ameritrade had lost a file containing 200,000 records. In the following year, it had laptop stolen containing unencrypted personal information including customers' names, birth dates, addresses and Social Security numbers. The incident had affected nearly 300 former and current employees, as per the data list for breaches by Privacy Rights Clearinghouse.

Related article: Tweet Tornado Enables Spammers to Create Innumerable Fake Twitter Profiles

» SPAMfighter News - 9/29/2007