According to the email sent to customers, and a public notice, the authorities learned that Scottrade was compromised while investigating other data-theft cases.
Advertisement
The company apparently discovered the intrusion after federal law enforcement officials said they were looking into a series of cyber crimes targeting information at financial services firms. Any customer with an existing Scottrade account before February of 2014 may have had their contact information and Social Security numbers taken.
Passwords were also encrypted, but it’s not clear which cryptography – a few of which are widely considered deprecated – was used by the company.
It appears the company’s network was compromised between late 2013 and early 2014.
Krebs hypothesized that the stolen contact to facilitate stock scams by way of spam emails. No client funds, or the trading platform itself, were touched or accessed.
The news comes one day after T-Mobile said 15 million customer records may be been leaked in an attack on credit monitoring bureau Experian, and follows a series of other high-profile incidents involving corporate and government databases.
“We have not seen any indication of fraudulent activity as a result of this incident”, the company said.
Advertisement
Scottrade is working with a computer security firm to determine the full extent of the breach in addition to strengthening its network.
