The Scottrade online brokerage firm has notified many of its clients that their personal information may have been hacked, due to a data breach from a partner company's payment processing system.
It's the latest in a seemingly endless stream of customer data breaches. The TROY Group, makers of the "eCheck Secure" online checking application, stated that a hacker had breached the servers containing the personal information of eCheck Secure users.
The company was sparing in its details of the incident, saying only that it had notified the FBI and its customers, and had hired a "professional forensic services firm" to investigate the incident.
eCheck Secure enables users to submit data from their checking account and have transactions automatically debited without using credit or debit cards, via ACH (Automated Clearinghouse) transfer.
The TROY Group had boasted in a press release that eCheck Secure "utilizes a multi-level server system with the latest in encryption technology to ensure the integrity of the data transmitted over the Internet."
St. Louis-based Scottrade handles over 1.3 million accounts for its brokerage service, and claimed $223 million in revenue for 2003, though it still pales alongside rival online brokerages Ameritrade and E*Trade. The company has been in business with the TROY Group since 2000.
Scottrade notified affected customers via mail on Nov. 11th of the incident, which apparently occurred in late October. The letter stated that "[S]ome of your personal information, including your name, driver's license or state ID number, date of birth, phone number, bank name, bank code, bank number, bank routing number, bank account number and Scottrade account number may have been compromised. If you used your Social Security number as your driver's license or state ID number, your Social Security number may have been compromised as well."
Many Scottrade customers did not get the letter for several days or a week, leading to complaints that the company took too long to report the incident. Said one disgruntled customer, "It's inexcusable that it took them one month to notify us of this breach."
The Scottrade breach is the latest in a year full of expensive, dangerous, and embarrassing data losses for major companies, including Bank of America, ChoicePoint, Lexis Nexis, and DSW. Irate consumers have been pushing lawmakers to enact stronger safety standards for data brokers, and require immediate notification of affected customers in case of theft.