Scottrade, the online stock trading service, is the latest victim of a hack that has compromised the data of 4.6 million clients.
On Friday, Oct. 2, the Missouri-based brokerage firm admitted to the breach in a notice on its website and via emails to affected clients. Scottrade divulged that it discovered the breach when it was alerted in August by the FBI, which was investigating ongoing cybersecurity issues at several companies.
The breach has compromised the data of clients who held accounts with the firm prior to Feb. 2014. Scottrade's network was apparently compromised between late 2013 and early 2014. Sensitive data such as the names and physical addresses of the company's clients has been compromised.
Even though the hacked database contained sensitive data, email addresses and the Social Security numbers of Scottrade's customers, the firm believes that the attackers were unable to steal them.
Neither the company's client funds nor its trading platform were affected. According to Scottrade, client passwords are encrypted at all times.
However, according to experts, encryption alone does not guarantee that a password cannot be recovered. Recovery is possible, but it is a time-consuming and expensive process. To avoid further damage, Scottrade would do well to secure its system by implementing two-factor authentication.
It is not known who is behind the attack on the brokerage firm or what the hackers intend to do with the stolen data. Usually, such information goes on sale in black markets, as hackers can then collect stolen data to create a big, searchable database. This mechanism makes it easy for a miscreant to steal an individual's identity by paying a small sum to the hacker for the details. With a stolen identity, mischief makers can ruin the individual's credit, steal tax refunds and indulge in nefarious activities.
Scottrade says that there is no indication of any suspicious activity resulting from the breach. It is, however, offering affected clients a year's worth of identity protection for free.
"We take the security of the information entrusted to us very seriously and are fully cooperating with law enforcement in its investigation and efforts to bring the perpetrators to justice," stated the company.