Ameritrade Knew About Data Leak Long Before It Told Customers
from the quite-some-time,-it-seems dept
Late Friday, the news broke that TD Ameritrade is the latest in a long, long, long, long, long list of companies who have leaked data of its customers. In this case (as in many others) it was apparently due to their computers getting hacked. Considering how many similar stories we see, it almost didn’t seem worth writing about. However, it appears that Ameritrade was well aware of the hacking long before they disclosed it. According to a lawsuit that was filed months ago, Ameritrade users had been receiving stock spam to unique email addresses provided only to Ameritrade as far back as October of 2006 — and some of those users had reported this to Ameritrade. Then, back in May, Slashdot ran a detailed piece on the apparent leaking of Ameritrade email addresses, and even questioned why Ameritrade had not disclosed this breach, as is required under California law. The lawsuit, filed at the end of May, questions this as well. Yet, Ameritrade waited until now to disclose that their systems had been hacked, making email addresses available to people. Amusingly, Slashdot’s report on this fails to note Slashdot’s earlier story that helped spur the lawsuit and apparently pushed Ameritrade to finally investigate the claims. Either way, it raises questions about why Ameritrade waited this long to inform its customers that their emails had been leaked, despite pretty clear evidence of a leak from quite some time ago.
Filed Under: data leaks, notification, security
Companies: td-ameritrade
Comments on “Ameritrade Knew About Data Leak Long Before It Told Customers”
These stupid corporations try to hide important things from people so they don’t lose money.
THE COSTUMER COMES FIRST. BOTTOM LINE.
Re: Re:
ah yes, what wonderful society it would be those who wear costumes get the respect they deserve….
Re: Re:
THE COSTUMER COMES FIRST. BOTTOM LINE.
So which is it? Does the customer come first, or the bottom line? Because it looks like most companies these days are going with option #2.
No one wants to be made a fool...
…especially corporations. In a society of sue-happy people (rather than compromise) I can understand why they kept it a secret. Were they right to do so? Heck no! I would be mad too if my information was leaked from Ameritrade with no warning or options for me to fix it!
Either way, it raises questions about why Ameritrade waited this long to inform its customers that their emails had been leaked, despite pretty clear evidence of a leak from quite some time ago.
Raises questions.. does it really? We all know why big corporations never come out with them, cover them up, or just outright don’t even acknowledge something is wrong. They dont care, and never will until someone with a backbone makes them pay for it with a fine that actually HURTS their business. Sure slap a $140,000 lawsuit on them. It’s pettycash, what do they care. The NFL suit for half a million; their tax rightoffs are bigger than that. The industry wants you to sue them, so that the next time it happens the outcome is already known. More frivilous lawsuits there are the more a judge is going to have to rely on everyone elses previous judgements of “I dont care just get me to my lunchbreak already” sort of mentality. Whine bitch and moan all you want on a blog, it’d be just as usefull as shouting at the board members face to face. The mechanism to push you aside and erase your complaint is already in place, it’s called your business.
There is little or no legal penalty (relatively) for these data leaks.
Oh and the fact Slashdot’s editors missed their own story that could tie in with this new one doesn’t surprise me. For a while now they’ve had some inept editors. Such as the one that was mistagging everything ‘Enlightening’ as if it was the definition of the word and not the name of something.
Seriously has gone downhill for a while now.
Slashdot's Reporting
It’s may be amusing, but it’s hardly surprising if you know the way that Slashdot’s reporting works. It’s very much ad-hoc.
I'm a victim!
I started receiving these on October 6, 2006 to an email address I only used with Ameritrade. I reported it immediately to them and also notified the SEC. I told Ameritrade that they had been hacked
I should have also notified the media. I was definitely upset that Ameritrade didn’t disclose this within a month or 2.
As of Sept 12, 2007 I’m still receiving email to that address and reporting it to TD Ameritrade and the SEC. The email is stock spam and Storm worm infection email.
Email from TD Ameritrade
Looks like they had a bot on a critical system.
Re: Email from TD Ameritrade
http://www.amtd.com/newsroom/releasedetail.cfm?ReleaseID=264044
fines
It is particularly interesting to contrast current breach notification penalties (such as they are) with one individual, the Patriots’ Coach B, getting fined a half-million for breaking a rule in football.
Earlier than that
I notified Ameritrade of their leak in August of 2006. In going back through my records, the first spam sent to my Ameritrade-tagged address was December 2005. How does 20 months strike you?