Brokerage Firm Hack Endangers Investors

November 26, 2005

By Brian Krebs

http://blogs.washingtonpost.com/securityfix/2005/11/brokerage_firm_.html



St. Louis-based Scottrade, one of the nation's largest private online stock brokerage houses, has alerted its customers that a hacker break-in may have compromised the security of an untold number of accounts.

The company did not disclose how many of its 1.3 million customers may have been affected, but noted that the breach likely only affects those customers who used its eCheck Secure service to transfer money from their bank account to their Scottrade investment accounts.

The company put the blame on its eCheck Secure service provider -- Troy Group Inc. -- which reported that on Oct. 25 a computer hacker had compromised its servers: "As a result, some of your personal information, including your name, driver's license or state ID number, date of birth, phone number, bank name, bank code, bank number, bank routing number, bank account number and Scottrade account number may have been compromised," Scottrade said in a statement on its site.

That's quite a bit of sensitive information. Scottrade is the fifth or sixth largest private online trading company, depending on whom you ask.

Troy Group's official statement about this break-in said the company had filed a report with the FBI and is investigating the incident.

Scottrade says customers who use their Social Security number as their driver's license or state ID card number should seriously consider placing a fraud alert on their credit file.

[an error occurred while processing this directive]