4.6 mln Scottrade clients possibly exposed in hack

October 05 00:48 2015

Client names and addresses for as many as 4.6 million clients of discount brokerage firm Scottrade may have been compromised by hackers, the company said Friday. Word of the breach comes one day after Experian said 15 million T-Mobile customers had their information accessed by hackers. Together, they mark a bad beginning for National Cyber Security Awareness Month, which started Thursday. The online brokerage found out about the breach when federal law enforcement officials informed it of an ongoing investigation into cybersecurity issues at financial services companies, Scottrade said in a statement.

Scottrade is a privately owned, discount retail brokerage firm based in Town and Country, Missouri. “We take the security of the information entrusted to us very seriously and are fully cooperating with law enforcement in its investigation and efforts to bring the perpetrators to justice,” the company said. It appears the company’s network was compromised between late 2013 and early 2014. Only clients who had accounts previous to February 2014 are at risk, the company said.

Although Social Security numbers, email addresses and other sensitive data were contained in the system that was hacked, only names and addresses appear to have been accessed, Scottrade said. Neither Scottrade’s trading platforms nor client funds were compromised and client passwords were fully encrypted at all times, the company said. “We have not seen any indication of fraudulent activity as a result of this incident,” the company said.

Global security strategist Trey Ford of security firm Rapid7 noted encryption doesn’t make it impossible to recover passwords, only expensive and time consuming. Scottrade should consider putting two-factor authentication in place “to help mitigate against further damage here,” he said.

  Categories: