topic Re: •••Scottrade Had No Idea of Data Breach••• in Community Chat

•••Scottrade Had No Idea of Data Breach•••

newziesuzie — Mon, 05 Oct 2015 00:20:27 GMT

http://www.pcworld.com/article/2988993/security/scottrade-had-no-idea-about-data-breach-until-the-feds-showed-up.html#tk.nl_today

10/3/15

"Scottrade had no idea about data breach until the feds showed up"

"When an organization gets hacked, ideally they'll realize it promptly and warn their users right away. Take crowdfunding site Patreon, which was hacked on Monday and has already informed the world about the problem. Scottrade, an investment brokerage company, is different, and not in a good way.

The company announced Friday that it suffered a security breach over a period of several months from late 2013 to early 2014, affecting approximately 4.6 million customers. But in a statement, Scottrade said it had no idea that the breach had occurred until law enforcement officials told them about it.

Remember: This is a company that is charged with storing real money and managing investments.

Let that sink in for a second.

The FBI notified Scottrade of the breach in August but asked that the company hold off on disclosing the attack until it had wrapped up another part of its investigation. The company was cleared to disclose the breach at the end of last week and began informing customers Friday.

To its credit, Scottrade said that it believes attackers obtained only clients' names and street addresses -- not the social security numbers, email addresses and other sensitive data stored in the compromised system. According to the company, the attackers didn't compromise Scottrade's trading platforms, and clients' funds were untouched.

People who had a Scottrade account prior to February 2014 may have been affected by the breach. Those people who Scottrade knows were affected will be notified of that by email. The company isn't suggesting that users change their passwords, since it believes that they remained encrypted during the attack.

As is expected in these sorts of cases, Scottrade is offering affected customers a free year of identity theft protection. It's not clear how much good that will do, since the data was taken more than a year ago, but offering that sort of service is something consumers expect from a breach response at this point.

Looking forward, the company said that it has secured the intrusion point the attackers used to get into its systems, and conducted an internal investigation with the help of an unnamed computer security firm. The company also said that it has further secured its network.

These aren't the only data breaches revealed this week.

T-Mobile and Experian said yesterday that 15 million

people may have been affected by a mammoth breach

that could include data like names, birthdates and

Social Security numbers.

Incidentally, October is National Cyber Security Awareness Month in the U.S.

And now at least 20 million people have had their awareness raised."

Re: •••Scottrade Had No Idea of Data Breach•••

millieshops — Mon, 05 Oct 2015 00:27:55 GMT

Computers and computer files do wonderful things for our lives, but they also create incredible opportunities for thieves. Scary times we live in.

I truly do not know how a company knows it's been hacked - how do they find out?

Re: •••Scottrade Had No Idea of Data Breach•••

riley1 — Mon, 05 Oct 2015 00:56:09 GMT

A really good system would have a breach notification, and there are web managers that monitor the systems.

Re: •••Scottrade Had No Idea of Data Breach•••

Puzzle Piece — Mon, 05 Oct 2015 01:06:22 GMT

Russians????? Chinese?????

Re: •••Scottrade Had No Idea of Data Breach•••

brii — Mon, 05 Oct 2015 01:11:37 GMT

I'm going to assume every company at some point has been or will be hacked.

How did they not know?

Re: •••Scottrade Had No Idea of Data Breach•••

newziesuzie — Mon, 05 Oct 2015 09:58:49 GMT

@riley1 wrote:
A really good system would have a breach notification, and there are web managers that monitor the systems.

Thanks @riley1 I wondered about that.

Re: •••Scottrade Had No Idea of Data Breach•••

Say Nay — Mon, 05 Oct 2015 12:16:46 GMT

I don't believe them when they say they didn't know.

Re: •••Scottrade Had No Idea of Data Breach•••

Lucibee — Mon, 05 Oct 2015 12:30:40 GMT

Do you really think they didn't know? Didn't Target delay the news that they were breached?

Re: •••Scottrade Had No Idea of Data Breach•••

Winkk — Mon, 05 Oct 2015 13:21:33 GMT

Geez. Data breaches are getting to be a weekly thing. Goes to reassure us that nothing on the computer is safe.

Re: •••Scottrade Had No Idea of Data Breach•••

momtochloe — Mon, 05 Oct 2015 13:21:37 GMT

@Smaug wrote:
I don't believe them when they say they didn't know.

I hate to say it but I do believe they didn't know they were hacked. What I don't believe is that they only breached clients names and addresses and no sensitive data was touched.

What frightens me is that these are probably for the most part people's retirement funds. If the hackers got the necessary data, they could possibly follow them to another brokerage firm and gain access to their data and remove their money. Does anyone know if these online brokerages come with any guarantees if you get hacked and your money is gone?

Shameful.

Re: •••Scottrade Had No Idea of Data Breach•••

Constance2 — Mon, 05 Oct 2015 19:15:49 GMT

Experian was also hacked?? That is the company Target had customers use for free for a year to monitor their credit, wasn't it? NoIt appears no one is immune to online hacking.