Online stock brokerage Scottrade has suffered a major data breach that exposed the personal information of 4.6 million customers.
Data breach news are making the headlines, while I’m writing about the hack of the crowdfunding website Patreon and the hack of Experian, the news of a data breach suffered by the online stock brokerage Scottrade is circulating online. The data breach of the Scottrade exposed the personal information of 4.6 million customers, the company revealed the incident with an official statement.
The company confirmed that the data exposed include social security numbers, e-mail addresses and “other sensitive information”.
“Federal law enforcement officials recently informed us that they’ve been investigating cybersecurity crimes involving the theft of information from Scottrade and other financial services companies. Based on our investigation and information provided by federal authorities, we believe the illegal activity involving our network occurred between late 2013 and early 2014, and targeted client names and street addresses.” states the advisory issued by Scottrade. “We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised. Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.”
The security advisory doesn’t provide information related to the potential exposure of the users’ password anyway internal staff confirmed that they were fully encrypted.
“Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.”
As usually happens in these cases it is strongly suggested to change the password on the breached websites and on all those web services for which users share the same credentials, a bad habit that could cause the violation of accounts on other platforms.
The Scottrade is offering a year of free identity protection services to the 4.6 million people whose records were included in the hacked database.
“As a precaution, however, we are directly notifying and offering identity protection services to approximately 4.6 million clients whose information was in the targeted database. We take the security of the information entrusted to us very seriously and are fully cooperating with law enforcement in its investigation and efforts to bring the perpetrators to justice.”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.