Most Read
- SEC Short Sale Rule Could Create a Bubble in Financial Stocks
- Wall Street Outsourcing to New, Exotic Corners of the Globe
- Analytics Help Firms Turn Data Into Opportunity
- Cisco Global Exchange Study Ranks Latency Among Top Success Factors in Competitive Race
- DTCC, Markit to Create Single Point of Derivatives Confirmation
- BlackRock To Acquire Analytics Software Company
- NYC Financial Firms to Get New Disaster Recovery Data Center in Pennsylvania
- Deutsche, Merrill Reveal Recession-Proofing IT Strategies
September 17, 2007
Why TD Ameritrade’s Data Breach Is So Worrisome…
Last week, TD Ameritrade became the latest financial firm to hit the headlines after suffering a data breach, with over 6.3m customer records stolen. Other financial institutions have also reported data breaches recently: these include JPMorgan, Fidelity Investments and Ameriprise Financial. These incidents generally stemmed from stolen laptops or careless employees (who, in the case of JPMorgan threw a bunch of clients' financial paperwork in the garbage in the street).
So, what makes TD Ameritrade’s breach so different?
Well, first this wasn't a case of a stolen laptop, a scenario which everyone knows, unfortunately happens. What is worrying here is the fact that malicious code was actually found on the company’s server. Second, the breach lay undetected for weeks – or at least until phishers started trying to use the data they had stolen and customers started receiving SPAM.
Robert Ellis, an analyst at Celent, says the fact that social security numbers were on the same server as customers’ phone numbers, email and mail addresses, is alarming – as is the fact that hackers weren’t prevented from getting onto the server in the first place.
“It was just a coincidence hackers didn’t get to those social security numbers,” he says.
Still, the idea that someone could hack into TD Ameritrade’s system sufficiently to extract personal contact information, and to bury the code so deeply that the breach was only noted after phishers attempted to use the data, is scary, Ellis says.
“Either the contact information was behind a less-strong level of security, or TD Ameritrade dodged a major bullet,” he suggests.
TDAmeritrade issued an apology letter to its clients, telling them not to worry about UserIDs and passwords, since they weren’t stored on the same hacked database.
“You do not need to make any changes to your TD AMERITRADE accounts or to change the way you do business with us,” the online brokerage told its customers.
TDAmeritrade has enlisted ID Analytics, an identity and risk management solutions provider, to investigate and monitor for potential identity theft. None has been reported so far.
But one of the key issues here, is trust. As the list of financial companies and others suffering data breaches grows daily, products and performance will no longer be enough to attract - or keep clients. Security is likely to soon be a major differentiator between one firm and another.
Posted by Melanie Rodier at 06:12 PM
This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
Greg MacSweeny Columns
Greg MacSweeneyIn a Matter of Months, CIOs’ Agendas Turned Upside Down
Early in the summer of 2007, Wall Street was counting its good fortune. In early summer 20...
Former CIO Gavazzi Launches Risk Alert Provider
Where Are They Now? Life After Wall Street
Where Are They Now? Mitchel Lenson, Former Deutsche Bank Group CIO
Larry Tabb Columns
Larry TabbClearing and Settlement Top-of-Mind for Front-Office Execs
In addition to the excitement in the U.S., the real focus is occurring in Europe, where th...
Risk Management IT Comes to the Forefront in the Wake of Subprime Credit Crisis
In a Tumultuous Economy, Wall Street Must -- and Will -- Find a New Model
CHECK THIS OUTNovell Real Time Linux Webcast SeriesIn order to succeed, companies must be able to respond quickly, deliver superior value and quality of service, and carefully manage their costs. In this series of brief webcasts, you will learn how SUSE Linux Enterprise Real Time from Novell enables organizations to respond quicker by delivering low latencies, deliver increased value with fast response times, and better manage costs. |
EventsLive Events:Accelerating Wall Street 2 October 02, 2008  Buy-Side Trading Summit 2008 November 16-18, 2008 |
White PapersLevel 3 Connectivity KitStay ahead of the bandwidth curve. The Level 3 Connectivity Kit provides full resources to help you make informed decisions regarding your network infrastructure. Download the Data Center Networking Strategies for Financial Services Firms White Paper; Business Class Ethernet: Trends in Perspective eBook and BC/DR Best Practices for the Data-Intensive Enterprise Gartner Webcast Surviving and Thriving in a Challenging Market Learn how financial services firms can use customer-centric strategies and tools to maximize client value and loyalty, gain insight into new opportunities, and do more with less, counteracting market volatility. |
Marketplace |
Career CenterReady to take that job and shove it?
|
Most Recent Job Posts:
* Lowe's seeking Manager of IT Research in Mooresville, NC
* Hebrew Senior Life seeking Senior Informatics Analyst in Roslindale, MA * UCLA seeking Programmer/Analyst IV in Los Angeles, CA * T-Mobile seeking Program Manager 3 in Snoqualmie, WA * Comcast seeking Tier 4 CRAN Network Engineer in Chelmsford, MA For more tech jobs in the industry, visit Wall Street & Technology's Career Portal. |
