Friday, September 14, 2007

TD Ameritrade's Statement Regarding Database Breach

The following is a press release issued by TD Ameritrade this morning:

TD AMERITRADE RELEASES RESULTS OF CLIENT SPAM INVESTIGATION

Assets Remain Secure
No Evidence of Identity Theft


Omaha, Neb., September 14, 2007 – TD AMERITRADE Holding Corporation (NASDAQ: AMTD) has discovered and eliminated unauthorized code from its systems that allowed access to an internal database. The discovery was made as the result of an internal investigation of stock-related SPAM.

The Company commissioned forensic data experts to assist in its investigation of this issue. Results of their combined efforts reveal the following:

—Client assets held in accounts with the Company remain secure as UserIDs, personal identification numbers and passwords were not stored in this particular database.
—Information such as email addresses, names, addresses and phone numbers was retrieved from this database and affects TD AMERITRADE retail and institutional clients.

While more sensitive information like account numbers, date of birth and Social Security Numbers is stored in this database, there is no evidence that it was taken. 

“While the financial assets our clients hold with us were never touched, and there is no evidence that our clients’ Social Security Numbers were taken, we understand that this issue has increased unwanted SPAM, which is annoying and inconvenient for them,” said Joe Moglia, chief executive officer.  “We sincerely apologize for that and any added concern this may have caused.”

The Company has hired a third party, ID Analytics, Inc., to investigate and monitor for potential identity theft.  ID Analytics provides identity risk services to many of the country’s largest banks and telecommunications companies, as well as government agencies. Following its initial evaluation, ID Analytics found no evidence of identity theft as a result of this issue. 

“Following our thorough analysis, we found no evidence of identity theft related to TD AMERITRADE clients as a result of this issue,” said Mike Cook, chief operating officer of ID Analytics, Inc. “In our opinion, TD AMERITRADE is applying proven measures and technologies to help protect its clients from identity theft.”

TD AMERITRADE will retain ID Analytics’ services on an ongoing basis to support its client accounts by continuing to monitor for evidence of identity theft.

The Company is confident that it has identified the way in which this information was taken and has taken the appropriate steps to prevent it from recurring. 

“This issue is not unique to TD AMERITRADE.  It’s something that all companies involved in e-commerce should be aware of and prepared to address,” Moglia continued. “We participate in industry peer groups to share information on these types of threats in the interest of protecting all clients.”

TD AMERITRADE wants its clients to know that no special actions are required of them with regard to their accounts, other than to continue remaining alert in guarding their personal information. Their account assets are still protected by the Company’s Asset Protection Guarantee.

For more information on this issue and the Asset Protection Guarantee, please visit the Company’s special client information center at http://www.amtd.com.

---------------------

Please post a comment if you have any experience with this issue.  Thanks. 

Posted by twcarey on 09/14 at 06:37 AM
News • (0) CommentsPermalink