Hot on the heels of T-Mobile's announcement that a security breach compromised sensitive information about 15 million customers, online trading platform Scottrade has revealed hackers have exposed 4.6 million of its clients.
In a statement, Scottrade said it became aware of the breach in August when it was informed by the FBI. It said the agency asked the company not to reveal the breach while the investigation was at a sensitive stage.
“Based on our investigation and information provided by federal authorities, we believe the illegal activity involving our network occurred between late 2013 and early 2014, and targeted client names and street addresses,” the company said.
Targeted contact information
Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, Scottrade says it appears the thieves were only interested in clients' contact information.
“We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised,” the company said. “Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.”
Company officials says they have discovered and secured the point in the system where they believe the hackers were able to get in. They say a leading cyber security firm has assisted with steps to further strengthen the system.
Targeting financial firms
In a recent research paper, security firm Trend Micro outlines how personally identifiable information (PII) is the most frequently stolen data in the retail industry. Christopher Budd, global threat communications manager at Trend Micro, said last week's T-Mobile's breach, which occurred at Experian, shows cyber criminals increasingly seek out financial data.
“This further reiterates how companies responsible for processing financial information continue to be a weak link in the chain,” Budd said.
Scottrade said it is in the process of directly notifying and offering identity protection services to approximately 4.6 million clients whose information was in the targeted database. The FBI, meanwhile, continues its investigation.
A matter of luck
The Trend Micro paper says while hackers are growing more sophisticated in their intrusion protocols, often they just get lucky. It says 41% of data breaches are caused when someone loses a device containing account logins and passwords.
“Overall, it accounts for 41% of all breaches compared to the 25% caused by hacking and malware,” the authors write. “Companies may often overlook the kind of sensitive information stored on their employees' laptops, mobile devices, and even thumb drives.”
When these devices get lost, stolen, and are left unprotected, that just makes a hacker's job that much easier.