Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

06:12 PM
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Why TD Ameritrade's Data Breach Is So Worrisome...

Last week, TD Ameritrade became the latest financial firm to hit the headlines after suffering a data breach, with over 6.3m customer records stolen. Other financial institutions have also reported data breaches recently: these include JPMorgan, Fidelity Investments and Ameriprise Financial. These incidents generally stemmed from stolen laptops or careless employees (who, in the case of JPMor

Last week, TD Ameritrade became the latest financial firm to hit the headlines after suffering a data breach, with over 6.3m customer records stolen. Other financial institutions have also reported data breaches recently: these include JPMorgan, Fidelity Investments and Ameriprise Financial. These incidents generally stemmed from stolen laptops or careless employees (who, in the case of JPMorgan threw a bunch of clients' financial paperwork in the garbage in the street).

So, what makes TD Ameritrade's breach so different?Well, first this wasn't a case of a stolen laptop, a scenario which everyone knows, unfortunately happens. What is worrying here is the fact that malicious code was actually found on the company's server. Second, the breach lay undetected for weeks - or at least until phishers started trying to use the data they had stolen and customers started receiving SPAM.

Robert Ellis, an analyst at Celent, says the fact that social security numbers were on the same server as customers' phone numbers, email and mail addresses, is alarming - as is the fact that hackers weren't prevented from getting onto the server in the first place.

"It was just a coincidence hackers didn't get to those social security numbers," he says.

Still, the idea that someone could hack into TD Ameritrade's system sufficiently to extract personal contact information, and to bury the code so deeply that the breach was only noted after phishers attempted to use the data, is scary, Ellis says.

"Either the contact information was behind a less-strong level of security, or TD Ameritrade dodged a major bullet," he suggests.

TDAmeritrade issued an apology letter to its clients, telling them not to worry about UserIDs and passwords, since they weren't stored on the same hacked database.

"You do not need to make any changes to your TD AMERITRADE accounts or to change the way you do business with us," the online brokerage told its customers.

TDAmeritrade has enlisted ID Analytics, an identity and risk management solutions provider, to investigate and monitor for potential identity theft. None has been reported so far.

But one of the key issues here, is trust. As the list of financial companies and others suffering data breaches grows daily, products and performance will no longer be enough to attract - or keep clients. Security is likely to soon be a major differentiator between one firm and another. Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio

Register for Wall Street & Technology Newsletters
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.