TD Ameritrade Holding Corp said contact information for more than 6.3 million customers was stolen after one of its databases was hacked into.
The online broker apologized to its clients and said the breach stemmed from unauthorized code in its systems that allowed hackers to access an internal database. The discovery - and elimination of the unauthorized code - was made by the brokerage following an internal investigation of stock-related SPAM.Hackers were able to access names, addresses, e-mail addresses and phone numbers belonging to retail and institutional clients.
But TD Ameritrade, which has hired ID Analytics, an identity and risk management solutions provider, to investigate and monitor for potential identity theft, said there was no evidence more sensitive information such as account numbers, date of birth and social security numbers were taken.
Further, the brokerage said client assets held in accounts with the company remain secure as UserIDs, personal identification numbers and passwords were not stored in this particular database.
TD Ameritrade posted a notification of the breach on its web site on Friday. The company is currently cooperating with the FBI on the matter.
"While the financial assets our clients hold with us were never touched, and there is no evidence that our clients' Social Security Numbers were taken, we understand that this issue has increased unwanted SPAM, which is annoying and inconvenient for them," Chief Executive Joe Moglia said in a statement.
"We sincerely apologize for that and any added concern this may have caused."
Ameritrade said it is confident that it identified how this information was taken and has changed its computer code enough to prevent the theft from happening again.
It added that any new client who opened an account after July 18 was not affected.
The broker pointed out that the issue, of course, is not unique to TD Ameritrade.
"It's something that all companies involved in e-commerce should be aware of and prepared to address," Moglia said. "We participate in industry peer groups to share information on these types of threats in the interest of protecting all clients."
TD Ameritrade said its clients should know that no special actions are required of them with regard to their accounts, "other than to continue remaining alert in guarding their personal information." Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio