Scottrade Belatedly Learns of Breach

Law Enforcement Officials Informed Discount Brokerage of Hacker Attack
Scottrade Belatedly Learns of Breach

The discount stock brokerage firm Scottrade has revealed that hackers accessed its computer network and stole names and street addresses of 4.6 million clients between late 2013 and early 2014. The firm said it recently learned of the intrusion from law enforcement officials.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

The revelation of a breach at Scottrade, made in a statement dated Oct. 1, came the same day credit services provider Experian revealed a breach that resulted in the theft of personal information for 15 million customers of mobile communications provider T-Mobile USA (see Experian Hack Slams T-Mobile Customers).

"Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident," Scottrade said in the statement. "We have no reason to believe that Scottrade's trading platforms or any client funds were compromised. Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident."

Scottrade says cybercriminals gained unauthorized access to its network for a period of several months between late 2013 and early 2014, but the company only recently learned of the incident from federal authorities, who had been investigating cybersecurity crimes involving the theft of information from Scottrade and other financial services companies.

"The FBI is unlikely to explain in detail why notification of this breach took so long, but it's not uncommon for an ongoing investigation to delay notification so that criminals aren't tipped off," says Tim Erlin, director of IT security and risk management at the IT security compliance firm Tripwire.

The Scottrade breach could increase the potential for brokerage fraud, says Tom Kellermann, chief cybersecurity officer at threat-intelligence firm Trend Micro. "Cybercriminals understand the financial sector more than we give them credit for," he says. "As we have realized this year, hackers are pursuing front-running and virtual-insider trading schemes."

Scottrade says it has secured the known intrusion point and conducted an internal forensics investigation on the incident with assistance from a computer security firm, and it has taken steps to strengthen its network defenses.

The company says it's notifying clients whose information was targeted and offering them one year of free identity protection services through AllClear ID.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.