[Dataloss] Attorney Alleges Ameritrade Knew Of Security Breach A Year Ago

[lyger]

http://www.informationweek.com/security/showArticle.jhtml?articleID=201807006

An attorney launching a class-action lawsuit against TD Ameritrade Holding 
alleges the online brokerage knew a hacker had access to a customer 
database as far back as a year ago.

Last Friday, Ameritrade e-mailed account holders and put a public advisory 
on its Web site alerting users that a hacker broke into one of its 
databases and stole personally identifying information for some of its 6.3 
million customers. The company said names, e-mail addresses, phone 
numbers, and home addresses were taken in the data breach. Client assets, 
along with user IDs, personal identification numbers, and passwords, were 
not stored in the compromised database.

However, the advisory noted that it's unclear if account numbers, dates of 
birth, and Social Security numbers were stolen. Ameritrade did not say 
when the hackers got into the database or how long they remained there.

Kim Hillyer, a spokeswoman for Ameritrade, said in an interview that all 
of the company's 6.3 million accounts that were opened before July 18 of 
this year were breached. She would not say when the company first learned 
that there had been a breach, only offering that "they had been 
investigating client reports of spam for some time."

[...]