Hackers have tapped into a database that houses personal information belonging to customers of TD Ameritrade Holding Corp., parent company of one of the larger retail brokerages in the country, and stolen data including names, addresses and phone numbers.
The company said on Friday that the attackers had access to a database that also included account numbers and Social Security numbers of customers, but said there is no indication that the attackers stole any of that data. The company only discovered the attack because some of its customers were complaining about spam targeting TD Ameritrade customers, which led the company to investigate its own systems. There are reportedly 6.3 million customers affected by the security lapse.
In a statement released Friday, the company's CEO said
"While the financial assets our clients hold with us were never touched, and there is no evidence that our clients' Social Security numbers were taken, we understand that this issue has increased unwanted spam, which is annoying and inconvenient for them," said Joe Moglia, CEO if TD Ameritrade, based in Omaha, Neb. "We sincerely apologize for that and any added concern this may have caused."
TD Ameritrade officials said they have hired a forensic firm to analyze the company's network and look for other signs of intrusion. There is no evidence that user IDs, passwords or account numbers were stolen, the company said. TD Ameritrade also hired ID Analytics Inc., a San Diego-based company that performs after-the-fact analysis to determine whether stolen data is being used fraudulently.
"Following our thorough analysis, we found no evidence of identity theft related to TD Ameritrade clients as a result of this issue," said Mike Cook, chief operating officer of ID Analytics. "In our opinion, TD Ameritrade is applying proven measures and technologies to help protect its clients from identity theft."
Although his company's databases were compromised and customer data was stolen, Moglia, TD Ameritrade's CEO, said that the problem is really an industry-wide one.
"This issue is not unique to TD Ameritrade. It's something that all companies involved in e-commerce should be aware of and prepared to address," Moglia said. "We participate in industry peer groups to share information on these types of threats in the interest of protecting all clients."
A TD Ameritrade spokeman did no return a phone call seeking comment.