TD Ameritrade HACKED - account info stolen

Ahhh....the perils of technology. Sucks to have that happen, but I guess I'd rather run the risk of my personal data neing stolen than go back to the days of carbon copies and typewriters.

 

Was it really "stolen"? Is this term misused? If something is stolen, then you don't have it anymore... at all. How about illegally copied? What is the term I'm thinking about here.

No Ameritrade account here. Etrade, Scottrade, Ameriprise, all those... nada on this one.

 

i've been trying to get in contact with them since i found about this, i have ameritrade, i'll update this thread when i find something out

 

It doesn't sound very conclusive that ALL contact info wasn't hacked. They didn't say whether it was an inside job either. They're trying to soften the severity of it so that they don't lose customers.

 

here is the email I received from ameritrade
--------------------------------------------


September 14, 2007


You do not need to make any changes to your TD AMERITRADE accounts or to change the way you do business with us.


Dear ....,

Let me tell you why I am sending you this email. While investigating client reports about the industry-wide issue of investment-related SPAM, we recently discovered and eliminated unauthorized code from our systems. This code allowed certain client information stored in one of our databases, including email addresses, to be retrieved by an external source.

Please be assured that UserIDs and passwords are not included in this database, and we can confirm that your assets remain secure at TD AMERITRADE.

What we want you to know:
Because you are a former TD Waterhouse client, your information has only been stored in this database for a short time. We were able to conclude that while Social Security Numbers are stored in this particular database, your Social Security Number was not retrieved.
Once we discovered the unauthorized code, we took immediate action to eliminate it. We are confident that we have identified the means by which the information was accessed and have taken appropriate steps to prevent this from reoccurring.
You continue to be covered by our Asset Protection Guarantee, which protects you and your assets from any unauthorized activity that may occur in your account through no fault of your own. If you lose cash or securities as a result of such activity, we will reimburse you for the cash or shares of securities you lost.
To further protect you, we have hired ID Analytics, which specializes in identity risk, to investigate and monitor potential identity theft. ID Analytics provides identity risk services to many of the country's largest banks and telecommunication companies, as well as government agencies. Following its initial evaluation, ID Analytics found no evidence of identity theft as a result of this data breach. We will retain its services on an ongoing basis to support your TD AMERITRADE accounts and to monitor for evidence of identity theft. We will alert and advise you if any is found. As always, we encourage you to remain alert in guarding your personal information, regularly review your account statements and monitor your credit activity from the major reporting agencies.

For more information on protecting yourself against the possibility of security threats, please visit our online Security Center.

We sincerely apologize to you for this situation and want to assure you that protecting the security and privacy of your assets and information remains a top priority. We have made and will continue to make significant investments in security software, systems and procedures, and we will remain vigilant about protecting you.

We want to answer any questions and address any concerns that you may have about this matter. For more information, including a list of Frequently Asked Questions (FAQs) and an additional message from me, please go to www.amtd.com or contact Client Services. Please note that we are anticipating increased call volume during this period, which may lead to long wait times. We encourage you to review the FAQs and, if you have a question, to log on to your account and send us a secure email. Once again, please be assured that your assets are secure at TD AMERITRADE.

Sincerely,

Joe Moglia
CEO
TD AMERITRADE

 

Question, why would someone do this if they weren't trying to acquire funds?

 

You don't think a list of their customers is valuable? All 6MM+ of them.

 

That's what mean, the spokeswoman said she didn't think any customer would suffer financial losses or was a victim of identity theft.

Why go through the hassle and risk then?

 

I remember when I tried to apply for an Ameritrade account (I'm from Singapore). They made me jump through tons of hoops, citing the Patriot Act. Finally, after having met all their criteria over weeks of effort and courier charges, they refused to allow me full trading access (all I wanted was long options positions, not even short ones or margin privileges).

I told them to take a hike, signed up with Interactive Brokers and got approved in a day, funded my account, and was trading in 3 more days. Everything done through email, no courier charges and no delays. Full access too, shorts and margin trades approved. Oh, and they still met all the Patriot Act requirements, just with much less wilful hassle than Ameritrade.

So my opinion on this : I feel very bad for all the innocent customers who had their privacy compromised, but not for Ameritrade. Couldn't have happened to a more deserving e-brokerage as far as I'm concerned.

 

FYI, the TD stands for Toronto Dominion as in bank. Bunch of hosers

 

There's big $$ in spam my friend.

 

Also big jail time.............

 

You guys are missing it. I was being sarcastic.

A spokeswoman basically said "yeah some info was taken but it's all unimportant and I doubt any client will be affected"

My question was more directed at her.

 

Only if you McLare-it-up.

 

I don't think spam is the only issue. I predict a steep increase in the number of phishing attacks - getting credible contact info and personal details to target the victim is a phisher's wet dream. Unhappily, most people are not savvy enough to be immune to sophisticated phishing.

Phone-based social engineering is also a possibility - would an average user be smart enough to refuse anything to the convincing person representing him/herself as being from Ameritrade and having all your contact details?

I am deeply unhappy about the hassle and risk innocent customers have been exposed to as a result of Ameritrade's negligence.

 

Yup, great for phishing.

Further, I suspect this wasn't a finished project; I suspect they would have loved to have gotten in the accts, just not that far along when it was discovered.

 

Dumb maybe ?

Tomato, tomatoe, stolen-copied = whatever, info fell into the hands of people not authorized for it, so does it matter if it was stolen vs. copied ?

Umm..... did McLaren 'steal' Ferrari secrets, or did they just get a 'copy' of them ???? LOL

I can literally walk over to Joe Moglia's house, I ought to do that and see what he has to say...

 

Stolen vs. unauthorized copying, maybe whart can clear that issue up. But yes, I believe there is a difference.

The problem is, there are many sites out there with open information. You would be surprised. I've been dealing with one company for a year and a half to close up their 'hole', but nah.... they do not with for any assistance, nor to seek it when they have names, SS#'s, addresses, employment information, medical information, all that jazz... wide open. It is very sad. This particular company and those surrounding that company is just a time bomb from going off into the media.

 

There is a difference, however according to law, taking digital information that is not yours is considered theft. TD Ameritrade will be held responsible by those affected. They will probably be sued, and then turn around and sue whatever company they contract for databasing, security etc... Most companies do not create their own security

 

I got my letter today from Ameritrade.

Here's the kicker - I closed my Ameritrade account over 6 years ago.

 

I got my letter too and I closed mine years ago too. BUT THEY STILL HAVE YOUR INFORMATION.

Closing your account does not equate to them flushing your info from their system, which actually makes me quite angry. Why in the world would they need to keep it after its closed? Especially years after?

I hope they do get sued. I hate TD as a bank and this privacy fiasco is the last straw. They should have known and protected against this and its just utter sloppiness that they did not.

 

I got my letter today. Took them a while to send it overseas, apparently.

Here's the kicker : I NEVER had an approved, let alone funded account with them. I EXPLICITLY told them I was going to terminate business with them. My application was 3 years ago.

They still kept my details. The letter mentioned that even people who applied for accounts had their data stored in their system.

What the hell gives them the right to retain your data?