Scottrade vendor TROY Group gets hacked.
Discount broker Scottrade has notified some of its customers that their personal information may have been compromised due to a security breach at one of its vendors. Those customers who have used the eCheck Secure service to fund their accounts may have been affected by a security breach on TROY Group servers.
The breach occurred on October 25, when an unauthorized entity accessed the TROY Group server containing Scottrade's customer information. After reviewing the situation internally, as well as with TROY Group and the FBI, Scottrade notified its customers on November 11 with a mailed letter. The letter identifies that personal information including customers' name, driver's license or state ID number, date of birth, phone number, bank name, bank code, bank number, bank routing number, bank account number and Scottrade account number may have been compromised. In addition, if the customer used their social security number as a state ID or driver's license number, that information may have also been leaked.
"We notified our customers that had used the eCheck Secure product. It didn't effect all of our Scottrade customers," says Ellis Hough, Scottrade Risk Manager. He was unable to comment on the broker's regulatory requirements regarding the security breach.
As many as 140,000 of Scottrade's 1.3 million customers have at one time used the eCheck Secure service and are potentially affected by the security breach, Hough notes.
Scottrade is recommending that those customers affected by the breach notify the credit service bureaus and place a fraud alert on the credit file. Customers should also notify their local bank about the leak of the sensitive information.
The eCheck Secure product has been disabled and Scottrade is no longer working with TROY Group. It is actively looking for a replacement to the eCheck Secure service.