February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« Insiders Now The Biggest Security Threat | Main | The Evolution Towards Endpoint Security »

September 18, 2007
TD Ameritrade Breach Gets Worse

In what is already some very bad data-breach news for TD Ameritrade, in that in a company computer audit, some malicious code was found in a customer database that allowed hackers to steal the names, addresses, along with the email addresses of every single one of their 6.3 million customers, a recent lawsuit has accused TD Ameritrade of actually knowing about the data breach for nearly a year and failing to disclose the information to their customers, information which is critical to heading off spear-phishing scams.

TD Ameritrade contends that they only discovered the malicious code several weeks ago, due to customer complaints about an unusual flurry of stock spam. But the lawsuit contends that the company new about the breach much longer. According to Dark Reading, Scott Kamber, lead counsel for the lawsuit and an electronic privacy expert, said, "It's the most irresponsible lack of disclosure I have ever seen."

While Ameritrade does not comment on pending court cases, they contend that they were aware of customer spam complaints, but were not aware that it was being caused by malicious code secreted on a database.

The entire case hinges on Matthew Elvey, a customer who created an email account specifically for his Ameritrade account, and who then become suspicious when that email address started getting bombarded with stock spam. Elvey alerted Ameritrade of his suspicions that they were the source of the spam back in October of 2006.

At the same time, Elvey moved his dedicated email account to a new address, and not long after, the stock spam moved too. "At that point, there should have been no question in anyone's mind that Ameritrade's customer data had been violated somehow," Kamber says.

TD Ameritrade continues to claim that no Social Security numbers were compromised in the breach, but that, along with their obfuscation in customer notification, is seeming more and more unlikely.

Once again, a reminder to sign-up for the ebizQ Security Newsletter, where you get all the security news you need right in your in-box. You can do that right here.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2324

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map