[Dataloss] follow-up: Ameritrade leak looks to have started in late '05, much earlier than reported

security curmudgeon jericho at attrition.org
Wed Sep 19 17:32:45 UTC 2007


http://www.networkworld.com/community/node/19720

Ameritrade leak looks to have started in late '05, much earlier than 
reported
Submitted by Paul McNamara on Wed, 09/19/2007 - 1:17pm.

E-mails obtained by Network World show that Ameritrade received explicit 
and repeated warnings from an IT security expert starting Jan. 9, 2006 
that its customer data had apparently been compromised, placing the start 
of the breach much earlier than previously reported and likely pushing it 
into 2005. Nevertheless, the company insisted for the next 20 months that 
a flood of stock-related spam being received by numerous clients was not 
indicative of a more serious problem.

Following that January 2006 e-mail, subsequent warnings from multiple 
sources -- including a column this May by my Network World colleague Mark 
Gibbs -- also failed to prompt the company to alert its clients. Only last 
Friday did Ameritrade publicly acknowledge that "unauthorized code" on its 
systems had "allowed certain information stored in one of our databases, 
including e-mail addresses, to be retrieved by an external source."

More than 6 million customer accounts were exposed, although Ameritrade 
contends there has been no known identity fraud associated with the 
breach.

"I warned Ameritrade of a security breach in January of 2006, which means 
that it likely occurred in mid- to late-2005," says Joshua Fritsch, who 
sent the Jan. 9, 2006 e-mail and provided copies of his exchange with 
Ameritrade to Network World. Fritsch has 15 years of experience in 
networking, including "security design and management for a global 
financial firm."

[..]

