Discount brokerage firm Scottrade has revealed a breach from 2013-14 that has potentially compromised personal information including contact details and possibly Social Security numbers of some 4.6 million customers.
St. Louis-based brokerage firm Scottrade has revealed that it is the victim of a data breach that occurred between the end of 2013 and early 2014 that may have compromised details over nearly 4.6 million clients. The company has started to send out emails to customers notifying them of the breach and has also put up a notice on its website.
The notice detailing the breach can be found here.
Although the incident took place between late 2013 and early 2014, Scottrade was only recently notified of the breach by Federal law enforcement officials, notably the FBI who have been investigating breaches and other cyber-attacks targeting financial services companies.
“Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident,” said an excerpt from the notice.
KrebsonSecurity reports that the attackers involved may have been after Scottrade user data to aid stock scams and it’s likely that affected Scottrade customers may see a spike in receiving spam email that is deemed the ‘main fallout’ from the breach. Additionally, spear-phishing campaigns are also possible, specifically targeting Scottrade customers.
Speaking to Bloomberg, Shea Leordeanu, vice president of PR at Scottrade said:
“We’re confident our trading platforms and client funds were not impacted in any way.
“We were alerted by federal authorities in late August that this had occurred and initially were asked not to share the information as they wanted to finish their investigation. We are confident we have secured the intrusion point and have further strengthened our network defenses.”
Scottrade went on to add that it has hired the services of a security firm to conduct an internal data forensics investigation into the incident. Additionally, the notice also stressed that no client passwords were compromised during the breach, and they remain encrypted.
As a precautionary measure, Scottrade is offering identity theft protection services to all 4.6 million affected clients whose information was breached from the database.