NEWS    RECALLS    COMPLAINT FORM    SCAM ALERTS   RESOURCES  
Small Claims Guide   Class Actions   Lemon Laws   FAQ   Newsletters  
Share


Complain about a product or service

Automotive    Education    Employment    Electronics    Family    Finance    Health    Homeowners    Insurance    Pets    Shopping    Travel     Print This     Email This    



NEWS   Latest |  Archives |  Auto |  Cells, etc. |  Computers |  Financial |  Health |  Homeowners |  Parents |  Privacy |  Scams |  Seniors |  Travel

Hackers Steal Information On 6.3 Million Ameritrade Customers

'Unauthorized code' enabled thieves to breach database





by Martin H. Bosworth
ConsumerAffairs.com

September 15, 2007

Data Theft

68,000 CalOptima Members at Risk in Data Breach
Express Scripts Extortion Scheme Widens
Technology Could Be Key To Stopping Unauthorized Charges
T-Mobile: No Hacking in Data Breach
T-Mobile Confirms Data Breach
Consumers Increasingly Concerned About Online Transactions
Are Identity Theft Services Worth the Cost?
Online Tools Help Spot Financial Fraud
Financial Fraud Hits 7.5 Percent Of Americans In 2008
Feds Charge Mortgage Broker In Potential Data Breach
Millions of Credit Cards Exposed in Data Breach
2008 Data Breach Total Soars
Bank Data Breach Threatens 248,000 in North Carolina
GPS Not Foolproof
Countrywide Warns Millions of Data Breach
Thieves Steal AT&T Laptop with Employee Data
Report: Data Breach Disclosure Laws Don't Affect Identity Theft
Patient Information Exposed in Data Breach at Walter Reed
Supermarket Chain Reports Data Breach
Report: Feds Still Not Doing Enough To Secure Data
Data Thieves Hit Georgetown University Students, Faculty
800,000 Job Seekers At Risk In Gap Data Breach
TJX Data Breach Settlement Has Strings Attached
More ...

Hackers broke into a database containing personal information on 6.3 million customers of online discount broker Ameritrade. The database breach was discovered during an investigaiton of an outbreak of spam e-mails sent to Ameritrade customers.

The information stolen included names, phone numbers, e-mail accounts, and addresses.

Although more sensitive information such as Social Security numbers and account numbers were included in the same database, Ameritrade claimed this information had not been breached, though it did not offer specifics.

"[Ameritrade] has discovered and eliminated unauthorized code from its systems that allowed access to an internal database," the company said in its statement. "The discovery was made as the result of an internal investigation of stock-related SPAM."

The 6.3 million customers comprises the vast majority of Ameritrade's client base, second only to Charles Schwab Corp., the biggest online discount brokerage.

"While the financial assets our clients hold with us were never touched, and there is no evidence that our clients' Social Security Numbers were taken, we understand that this issue has increased unwanted spam, which is annoying and inconvenient for them," said Joe Moglia, chief executive officer. "We sincerely apologize for that and any added concern this may have caused."

Ameritrade said there was no evidence that the information was being used for identity theft. The company hired security firm ID Analytics to perform forensics on the breach and investigate for signs of fraud or theft stemming from misuse of the information.

Although ID Analytics' chief operating officer Mike Cook said the investigation found no initial evidence of identity theft, the company would continue investigating signs that the stolen information may be used elsewhere.

"Just because a breached file is not misused today, it doesn't mean that it won't be misused in the future," Cook said, according to published reports.

Ameritrade claimed that the malicious code had been removed and that the company's security procedures had been upgraded to prevent similar incidents. The FBI and the Securities & Exchange Commission are also investigating the breach.

The Spam Trail

Ameritrade customers were apparently receiving spam e-mails touting pump-and-dump scams to their accounts for many months prior to the disclosure of the breach. Blogs and online forums such as Slashdot were filled with stories of Ameritrade customers receiving unsolicited e-mails, despite creating and using e-mail accounts solely for use with the online broker.

The spam e-mails were originally thought to be a result of the loss of a data tape containing information on 200,000 Ameritrade customers in April 2005, with speculation that the data may have been sold to hackers and spammers.

But bloggers and Ameritrade customers then reported being hit with spam blasts even after creating accounts subsequent to the 2005 breach.

"So it's pretty clear that some attacker has access to the AmeriTrade customer database on an ongoing basis, and the February 2005 tape theft probably had nothing to do with it," wrote one commenter on Slashdot. "Probably someone inside AmeriTrade is selling customer data to an outside spammer."

The "inside job" theory has new support in the wake of the disclosure of the breach.

Graham Cluely of IT security firm Sophos told CNet News that the breach could have only occurred if hackers took advantage of a vulnerability in the site's code--the story promoted by Ameritrade--or if someone had used a Trojan Horse virus to exploit the vulnerability from the inside.



Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Share

Follow us on Twitter.

FREE CONSUMER NEWSLETTERS

The Daily Consumer
Afternoons M-F

Sign up now!


Consumer News & Alerts
Every Sunday

Sign up now!





CONSUMER NEWS

SAFETY RECALLS

Back to the top |

Advertisement


Custom Search
AUTOMOTIVE
• Dealers
• Manufacturers
• Service
• Extended Warranties
• Lemon Laws
• Recalls
• Tires
• Transporters

FAMILY
• Aging
• Children, Parenting
• Recalls
• Dating
• Education
• Entertainment
• Pets
• Weddings
FINANCE
• Annuities
• Banks
• Credit Cards
• Debt Collection
• Debt Counseling
• Insurance
• Investing
• Loans
• Mortgages
• Payday Loans
• Student Loans
• Tax Prep

HEALTH
• Doctors
• Drugs, Pharmacies
• Health Clubs
• Hearing Care
• Hospitals
• Nursing Homes
• Nutrition, Diets
• Vision Care
• Weight Loss
HOUSE & HOME
• Appliances
• Cookware
• Furniture
• Home Improvements
• Lawn & Garden
• Movers
• Pools & Spas
• Realtors, Rental Agents
• Recalls
• Utilities

ELECTRONICS
• Cable TV/DBS
• Cameras
• Cell Phones
• Computers
• Home Electronics
• Internet Access
• Local Phone Service
• Long Distance
• VoIP
SHOPPING
• In-Home
• Online
• Retail Stores
• Sporting Goods
• Supermarkets
• Telemarketers

TRAVEL
• Airlines
• Bus Lines
• Car Rental
• Cruises
• Hotels
• Travel Agents
• Trains

RESOURCES
• Class Actions
• Complaint Form
• Small Claims Guide
• Lemon Laws
CONSUMER NEWS
• Latest News
• Automotive
• Telecom
• Financial
• Health
• Homeowners
• Scams
• Seniors
• Travel
• More ...

RECALLS
• Automotive
• Children's Products
• Drugs
• Food
• Household Products
• Sporting Goods

ABOUT US
• FAQ
• Privacy Policy
• Advertise With Us
• Newsroom
• Syndication
• Terms of Use

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice.  ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof. 

Copyright © 2003-2009 ConsumerAffairs.com Inc.  All Rights Reserved.    The contents of this site may not be republished, reprinted, rewritten or recirculated without written permission.