Scottrade Belatedly Learns of BreachLaw Enforcement Officials Informed Discount Brokerage of Hacker Attack
The discount stock brokerage firm Scottrade has revealed that hackers accessed its computer network and stole names and street addresses of 4.6 million clients between late 2013 and early 2014. The firm said it recently learned of the intrusion from law enforcement officials.
The revelation of a breach at Scottrade, made in a statement dated Oct. 1, came the same day credit services provider Experian revealed a breach that resulted in the theft of personal information for 15 million customers of mobile communications provider T-Mobile USA (see Experian Hack Slams T-Mobile Customers).
"Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident," Scottrade said in the statement. "We have no reason to believe that Scottrade's trading platforms or any client funds were compromised. Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident."
Scottrade says cybercriminals gained unauthorized access to its network for a period of several months between late 2013 and early 2014, but the company only recently learned of the incident from federal authorities, who had been investigating cybersecurity crimes involving the theft of information from Scottrade and other financial services companies.
"The FBI is unlikely to explain in detail why notification of this breach took so long, but it's not uncommon for an ongoing investigation to delay notification so that criminals aren't tipped off," says Tim Erlin, director of IT security and risk management at the IT security compliance firm Tripwire.
The Scottrade breach could increase the potential for brokerage fraud, says Tom Kellermann, chief cybersecurity officer at threat-intelligence firm Trend Micro. "Cybercriminals understand the financial sector more than we give them credit for," he says. "As we have realized this year, hackers are pursuing front-running and virtual-insider trading schemes."
Scottrade says it has secured the known intrusion point and conducted an internal forensics investigation on the incident with assistance from a computer security firm, and it has taken steps to strengthen its network defenses.
The company says it's notifying clients whose information was targeted and offering them one year of free identity protection services through AllClear ID.