Ameritrade Knew About Data Leak Long Before It Told Customers

from the quite-some-time,-it-seems dept

Late Friday, the news broke that TD Ameritrade is the latest in a long, long, long, long, long list of companies that have leaked their customers' data. In this case (as in many others) it was apparently due to the company's computers getting hacked. Considering how many similar stories we see, it almost didn't seem worth writing about. However, it appears that Ameritrade was well aware of the hacking long before it disclosed it. According to a lawsuit that was filed months ago, Ameritrade users had been receiving stock spam at unique email addresses provided only to Ameritrade as far back as October of 2006 -- and some of those users had reported this to Ameritrade. Then, back in May, Slashdot ran a detailed piece on the apparent leaking of Ameritrade email addresses, and even questioned why Ameritrade had not disclosed this breach, as is required under California law. The lawsuit, filed at the end of May, questions this as well. Yet Ameritrade waited until now to disclose that its systems had been hacked, exposing those email addresses. Amusingly, Slashdot's report on this fails to note Slashdot's earlier story that helped spur the lawsuit and apparently pushed Ameritrade to finally investigate the claims. Either way, it raises questions about why Ameritrade waited this long to inform its customers that their emails had been leaked, despite pretty clear evidence of a leak from quite some time ago.


Reader Comments

  1.  
    Zaxk, Sep 17th, 2007 @ 12:23pm

    These stupid corporations try to hide important things from people so they don't lose money.

    THE COSTUMER COMES FIRST. BOTTOM LINE.

     


  2.  
    DevJade, Sep 17th, 2007 @ 12:34pm

    Re:

    Ah yes, what a wonderful society it would be if those who wear costumes get the respect they deserve....

     


  3.  
    TheDock22, Sep 17th, 2007 @ 12:49pm

    No one wants to be made a fool...

    ...especially corporations. In a society of sue-happy people (rather than compromise) I can understand why they kept it a secret. Were they right to do so? Heck no! I would be mad too if my information was leaked from Ameritrade with no warning or options for me to fix it!

     


  4.  
    Chris, Sep 17th, 2007 @ 12:59pm

    Either way, it raises questions about why Ameritrade waited this long to inform its customers that their emails had been leaked, despite pretty clear evidence of a leak from quite some time ago.

    Raises questions... does it really? We all know why big corporations never come out with them, cover them up, or just outright don't even acknowledge something is wrong. They don't care, and never will until someone with a backbone makes them pay for it with a fine that actually HURTS their business. Sure, slap a $140,000 lawsuit on them. It's petty cash, what do they care. The NFL suit for half a million; their tax write-offs are bigger than that. The industry wants you to sue them, so that the next time it happens the outcome is already known. The more frivolous lawsuits there are, the more a judge is going to have to rely on everyone else's previous judgements of "I don't care, just get me to my lunch break already" sort of mentality. Whine, bitch and moan all you want on a blog, it'd be just as useful as shouting at the board members face to face. The mechanism to push you aside and erase your complaint is already in place, it's called your business.

     


  5.  
    Kevin, Sep 17th, 2007 @ 1:28pm

    Re:

    THE COSTUMER COMES FIRST. BOTTOM LINE.

    So which is it? Does the customer come first, or the bottom line? Because it looks like most companies these days are going with option #2.

     


  6.  
    Anonymous Coward, Sep 17th, 2007 @ 2:45pm

    There is little or no legal penalty (relatively) for these data leaks.

    Oh and the fact Slashdot's editors missed their own story that could tie in with this new one doesn't surprise me. For a while now they've had some inept editors. Such as the one that was mistagging everything 'Enlightening' as if it was the definition of the word and not the name of something.

    Seriously has gone downhill for a while now.

     


  7.  
    Charles Griswold, Sep 17th, 2007 @ 2:55pm

    Slashdot's Reporting

    Amusingly, Slashdot's report on this fails to note Slashdot's earlier story
    It may be amusing, but it's hardly surprising if you know the way that Slashdot's reporting works. It's very much ad-hoc.

     


  8.  
    Scott Evil, Sep 17th, 2007 @ 4:05pm

    I'm a victim!

    I started receiving these on October 6, 2006 to an email address I only used with Ameritrade. I reported it immediately to them and also notified the SEC. I told Ameritrade that they had been hacked.

    I should have also notified the media. I was definitely upset that Ameritrade didn't disclose this within a month or 2.

    As of Sept 12, 2007 I'm still receiving email to that address and reporting it to TD Ameritrade and the SEC. The email is stock spam and Storm worm infection email.

     


  9.  
    Scott Evil, Sep 17th, 2007 @ 4:32pm

    Email from TD Ameritrade

    Looks like they had a bot on a critical system.

     


  10.  
    Anonymous Coward, Sep 17th, 2007 @ 4:33pm

    Re: Email from TD Ameritrade

     


  11.  
    Derek Slater, Sep 17th, 2007 @ 8:21pm

    fines

    It is particularly interesting to contrast current breach notification penalties (such as they are) with one individual, the Patriots' Coach B, getting fined a half-million for breaking a rule in football.

     


  12.  
    Patti, Sep 18th, 2007 @ 1:19am

    Earlier than that

    I notified Ameritrade of their leak in August of 2006. In going back through my records, the first spam sent to my Ameritrade-tagged address was December 2005. How does 20 months strike you?

     


