Ameritrade Knew About Data Leak Long Before It Told Customers
from the quite-some-time,-it-seems dept
Late Friday, the news broke that TD Ameritrade is the latest in a long, long, long, long, long list of companies who have leaked data of its customers. In this case (as in many others) it was apparently due to their computers getting hacked. Considering how many similar stories we see, it almost didn't seem worth writing about. However, it appears that Ameritrade was well aware of the hacking long before they disclosed it. According to a lawsuit that was filed months ago, Ameritrade users had been receiving stock spam to unique email addresses provided only to Ameritrade as far back as October of 2006 -- and some of those users had reported this to Ameritrade. Then, back in May, Slashdot ran a detailed piece on the apparent leaking of Ameritrade email addresses, and even questioned why Ameritrade had not disclosed this breach, as is required under California law. The lawsuit, filed at the end of May, questions this as well. Yet, Ameritrade waited until now to disclose that their systems had been hacked, making email addresses available to people. Amusingly, Slashdot's report on this fails to note Slashdot's earlier story that helped spur the lawsuit and apparently pushed Ameritrade to finally investigate the claims. Either way, it raises questions about why Ameritrade waited this long to inform its customers that their emails had been leaked, despite pretty clear evidence of a leak from quite some time ago.