Scottrade data breach affects 4.6 Million Customers

Online stock brokerage Scottrade has suffered a major data breach that exposed the personal information of 4.6 million customers.

Data breach news are making the headlines, while I’m writing about the hack of the crowdfunding website Patreon and the hack of Experian, the news of a data breach suffered by the online stock brokerage Scottrade is circulating online. The data breach of the Scottrade exposed the personal information of 4.6 million customers, the company revealed the incident with an official statement.

The company confirmed that the data exposed include social security numbers, e-mail addresses and “other sensitive information”.

“Federal law enforcement officials recently informed us that they’ve been investigating cybersecurity crimes involving the theft of information from Scottrade and other financial services companies. Based on our investigation and information provided by federal authorities, we believe the illegal activity involving our network occurred between late 2013 and early 2014, and targeted client names and street addresses.” states the advisory issued by Scottrade. “We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised. Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.”

The security advisory doesn’t provide information related to the potential exposure of the users’ password anyway internal staff confirmed that they were fully encrypted.

“Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.”

As usually happens in these cases it is strongly suggested to change the password on the breached websites and on all those web services for which users share the same credentials, a bad habit that could cause the violation of accounts on other platforms.

The Scottrade is offering a year of free identity protection services to the 4.6 million people whose records were included in the hacked database.

“As a precaution, however, we are directly notifying and offering identity protection services to approximately 4.6 million clients whose information was in the targeted database. We take the security of the information entrusted to us very seriously and are fully cooperating with law enforcement in its investigation and efforts to bring the perpetrators to justice.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Scottrade , data breach)