Stock Brokerage Firm Scottrade Hacked, Breach Impacts 4.6 Million Customers

Stock trading service Scottrade has disclosed a data breach from late 2013 and early 2014 that has leaked the personal information of nearly 4.6 million clients.

St.Louis-based retail brokerage firm Scottrade has revealed it is the victim of a data breach from its database that has compromised the records of 4.6 million customers, through a notice pinned on its website.

The firm points to Federal law enforcement officials informing them of the breach, with the FBI actively investigating cybersecurity breaches and crimes targeting the financial services industry.

The breached information includes social security numbers, email addresses, client names and street addresses.

A statement from the notice read:

Although Social Security numbers, email addresses, and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident.

It’s entirely likely that the attackers were after Scottrade user data after experts noted that customers’ contact information could be used in stock manipulation scams via spam emails.

The unauthorized access, according to Scottrade, occurred in the months between late 2013 and early 2014 and the company was unaware of the theft until it was alerted by the FBI recently. The company also said that it was told by Federal agents investigating the incident to hold back from revealing it publicly, until now.

“All indications show that this was an external criminal act,” said vice president of public relations, Shea Leordeanu.

“We were alerted by federal authorities in late August that this had occurred and initially were asked not to share the information as they wanted to finish their investigation. We are confident we have secured the intrusion point and have further strengthened our network defenses,” she added, speaking to Bloomberg.

Additionally, Scottrade states that client passwords remain “fully encrypted at all times” without any indication of fraudulent activity and that none of Scottrade’s trading platforms or any of its clients’ funds were compromised.

The company added that the known “intrusion point” has been secured since the breach and it conducted “an internal data forensics investigation” looking into the breach by hiring an external cybersecurity firm.

Scottrade is currently notifying its 4.6 million affected customers of the breach offering Identity protection security services for a year.

Featured image from Shutterstock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

Leave a Reply