Saturday, 3 October 2015

Scottrade Inc. breached, 4.6M affected: Day 2 Cybersecurity Awareness Month

October is Cybersecurity (breach) Awareness Month and ironically two major breaches have come to light so far. An email sent on Oct. 2 by retail brokerage Scottrade Inc. notified 4.6 million customers that their information had been compromised due to a cyber breach of their systems. The firm was first notified by the FBI in August as part of an investigation of the theft of data from Scottrade and other financial services firms. This is the second large breach announced in the past two days. The first involved an Experian server containing credit apps of 15 million T-Mobile customers.

Scottrade’s email said that the breach occurred between late 2013 and early 2014. Client names and street addresses had been taken from its system which is now secured. “Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident. We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised. Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.”

Scottrade spokesperson Shea Leordeanu couldn’t comment on the incident or about the content of the initial FBI notification. However, they are warning their customers to be more aware of potentially spam email designed to facilitate stock scams. Scottrade currently has 3.1 million customers but since the breach exposed the personal data of about 4.6 million people the breach clearly includes former customers as well.

Leordeanu explained to WIRED why people had not been contacted sooner. “They (the FBI) initially asked us to not share the information with our customers so that they could complete a part of their investigation. We were then alerted last Friday that it was all right to begin notifying our clients and we began to do that as quickly as possible.”

The news of Scottrade came at the same time as the American Bankers Association announced that email addresses and passwords “used to make purchases or register for events through its online shopping cart had been compromised.” Approximately 6,400 banker’s user records may be affected. The trade group said there was no evidence that credit card or other personal financial information had been accessed.

People may wonder why an investigation of a cyber attack takes so long. One expert compared a cyber breach to an infestation of insects rather than that of a single burglar. As with roaches or ants it takes time to find the entry point and all the areas they have tunneled through. “Once they’re inside, it takes more than a rolled-up newspaper to get rid of them,” said Tim Erlin, director of IT security and risk strategy at Tripwire.

View the original content and more from this author here: http://ift.tt/1WD65Pb



from cyber security caucus http://ift.tt/1PaXAsC
via IFTTT

No comments:

Post a Comment