Scottrade Misses Breach, Until Notified by FBI 2 Years Later
The investment firm acknowledges that hackers accessed 4.6 million people's names and addresses, but says other sensitive information was not taken during a 2-year-old hack.Online thieves infiltrated the network of investment firm Scottrade nearly two years ago, stealing the names and addresses of 4.6 million customers, the company said on Oct. 2. The company did not detect the breach, but found out about the intrusion after federal law enforcement officials "recently informed" the retail investment firm of the incident. While the compromised servers also contained Social Security numbers, email addresses and other sensitive data, the attackers apparently did not target that information, the company stated. "We have secured the known intrusion point and conducted an internal data forensics investigation on this incident with assistance from a leading computer security firm," Scottrade said in its statement. "We have taken appropriate steps to further strengthen our network defense." This is the second major breach announced in the last week. On Oct. 1, cellular service provider T-Mobile announced that sensitive information on 15 million customers had been stolen because of the lax security of its credit-checking partner, Experian. T-Mobile's CEO John Legere told customers that he is "obviously … incredibly angry" about the theft of records that included not only information such as names, addresses and birthdates but also encrypted fields with Social Security and other ID numbers and that he planned to review the company's relationship with Experian.
"Experian has determined that this encryption may have been compromised," he said in the company's statement.