BREAKING NEWS: Ameritrade customer data stolen (all of the company's 3.6 million accounts)

Source: Omaha World Herald

BY VIRGIL LARSON

Names, addresses, phone numbers and e-mail addresses of TD Ameritrade brokerage customers were taken after somebody hacked into the Omaha company's database.

The company found out about the hacking and investigated after clients complained about getting spam, including stock tips, at the e-mail addresses they used for trading at the online brokerage.

The hackers had access to contact information on all of the company's 3.6 million accounts, spokeswoman Kim Hillyer said today, but the company would not say how many addresses were taken.

Social Security numbers, birth dates and account numbers were in the database but the company said there was no evidence they were taken.

Read more: http://www.omaha.com/index.php?u_page=1208&u_sid=10132242

---

We have several accounts there. Our son is a broker there. More news on this as it happens.

There are no nations, only corporations and they don't give a shit about anything.

:spray:
:rofl:

Especially with laptops.

A salesman leaves his laptop at the airport, or has it stolen from a rstaurant and now you have to send out letters to thousands of people saying their data may have been compromised.

It's going to be something we're going to have to live with in the computer age.

but corporations being caviler with the sensitive data they require of us.

Thanks for posting. Checked with Havocdad to make sure there were no Havoc accounts there.

:grr:

Imagine what would happen if someone got onto the NYSE and crashed it, or the DOW Jones, or NASDAQ. Nevermind the chaos they could cause if they got into the Pentagon and went hog wild there.

than a bunch of hired hackers corporations use, trying to fuck each other.

Conventional warfare is just the circus to distract us from the corporate warfare and all the insidious strangling of modern life they are dealing us. Well, some of them also make a shit-load of $$ from conventional warfare too. Conventional warfare really doesn't seem to have any other genuine purpose in
the world today.

Our troops are hostages. Our rights are sold out. There are no nations. Corporations don't follow any laws they don't like and hire pols to make laws they want us to have to obey.

We are screwn.

Think again. I believe it's the Federal Gov't and the IRS that requires that they collect SSN's.

Wouldn't want anyone to skip out paying their war tax.

NOT!

Suggesting that your account is gone because of something like this is quite frankly absurd. It is a security breach, not a pilfering or loss of assets.

Relax. I am sure Ameritrade will be in touch with you to let you know what you need to do, if anything. More than likely they will ask you to change your password, etc.

There is no way they will not do everything they can do to ensure your account is safe.

On edit to add - The best course of action at this point for someone with an account at that firm is to call them directly and ask a few questions. Allowing a post on a message board to lead you to think your money has evaporated is a waste of your mental energy.

I switched from Ameritrade to Scottrade several years ago. I haven't seen any influx of SPAM on that email address, which is good, but they obviously had my SSN and other potentially damaging information.

I'd been thinking that my internet provider had sold the addresses
to the spammers.

I had no idea it was hacking into Ameritrade.

Btw, it's fixed... and no identities were stolen.

Sue

Nice of them to tell us now. They probably waited 'cause they didn't want us all bailing at the same time.

Good thing for them that nobody's reported ID theft yet, or they'd be up shits creek.

What does the Chronology of Data Breaches contain?

The data breaches noted below have been reported because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. Some breaches that do NOT expose such sensitive information have been included in order to underscore the variety and frequency of data breaches. However, we have not included the number of records involved in such breaches in the total because we want this compilation to reflect breaches that expose individuals to identity theft as well as breaches that qualify for disclosure under state laws. The breaches posted below include only those reported in the United States and does not include incidents in other countries.

What does the Total Number indicate?

The running total we maintain at the end of the Chronology represents the approximate number of *records* that have been compromised due to security breaches, not necessarily the number of *individuals* affected. Breaches for specific years are noted below -- 2005, 2006, and 2007. Some individuals may be the victims of more than one breach, which would affect the totals.

In reality, the number given below should be much larger. For many of the breaches listed, the number of records is unknown.

http://www.privacyrights.org/ar/ChronDataBreaches.htm

:scared: or maybe :tinfoilhat:

out of them. Companies/Corporations look at the cost of protecting sensitive info and take the cheap way out. This can't continue to happen. They should fine the company and all other companies should be on notice - that it will cost them more if their data gets stolen or compromised than it would if they protected it in the first place.

This can't continue to happen. Too many companies taking a cavalier attitude with our sensitive information and not protecting it.

Put their CEO's in jail as well.

Especially when one considers human error. 90% of hacking is tricking some idiot into giving you a password. As long as there are idiots (mathematically equivalent to "forever" far as I'm concerned) no computer system will ever be 100% secure.

hmmmm...could our government be behind this?
Seems getting info on any and all citizens in any and all illegal ways possible has been the MO under the BushCo/PNAC Regime.


Just wonderin'.... :shrug:

Global Information Group Ltd's database, offshore and privatized and out of US jurisdiction:

"Now the choreographer of that program, a former intelligence official named Ben H. Bell III, is taking his ideas to a private company offshore, where he and his colleagues plan to use some of the same concepts, technology and contractors to assess people for risk, outside the reach of U.S. regulators, according to documents and interviews."

Bahamas Firm Screens Personal Data To Assess Risk
Operation Avoids U.S. Privacy Rules
by Robert O'Harrow Jr.
Washington Post Staff Writer
Saturday, October 16, 2004; Page A01

http://www.washingtonpost.com/wp-dyn/articles/A36853-2004Oct15.html

TIA is out there, offshore.

or reaping the benefit$ at some point.
Mofia Family

http://republicans.energycommerce.house.gov/108/Letters/04042006_1836.htm

From 4/4/2006

Letter to Global Information Group, Inc. regarding cell phone records and requesting information

Ms. Laurie J. Misner
President
Global Information Group, Inc.
2830 Northeast 20th Ave.
Lighthouse Point, FL 33064

Dear Ms. Misner:

We write to request information relating to the business activities of Global Information Group, Inc. (Global). It is our understanding that Global owns and operates a “data broker” Web site. According to numerous press reports, many data broker Web sites acquire and sell consumers’ personal cell phone records and other personal data, without the knowledge or consent of the owners of those cell phone numbers. Even cell phone roaming records are being sold, giving purchasers not only the numbers called, and their dates and times, but also the city and state from which those mobile calls were made.

In light of these disturbing press reports, the Committee on Energy and Commerce, pursuant to its jurisdiction over telecommunications, the Internet, consumer protection, and interstate commerce, is conducting an investigation of these activities to determine exactly how this data is being acquired and sold.

According to numerous data broker Web sites, various components of an individual’s personal profile and activities, including cell phone records, are for sale. For example, for a relatively modest fee, a purchaser can get access to: itemized incoming and outgoing call logs for cell phone numbers, landline numbers, or voice-over-Internet-protocol (VOIP) numbers; unpublished phone numbers; addresses; and other personal data – without any notice to and consent by the owners of those numbers.

In essence, within literally a matter of hours, someone who purchases such information from a data broker Web site can gain unauthorized access to an individual’s daily calls and contacts, home and billing addresses, and other valuable confidential information. It is very disconcerting that certain online data broker companies are exploiting consumers’ personal records and selling the information to whomever pays for the records. With the exception of the legitimate activities of law enforcement authorities, who in any event have legal means for acquiring such information, we struggle to find any ethical justification for marketing this data.

Thus, in an effort to learn more about Global’s business and activities related to the sale of cell phone related records and other personal data, we are writing to you today to seek additional information to assist with this review. We request that, pursuant to Rules X and XI of the U.S. House of Representatives, you provide the following records and information detailed below on or before Wednesday, April 14, 2006:

1. Describe the services that are provided by Global.
2. List and describe all businesses (including Internet Web sites) owned by, associated with, or otherwise related to, Global that sell consumer cell phone related records and other personal data. Along with the description of each such business, provide: 1) a description of the services offered by the business; 2) the date the business was founded or purchased, and if purchased, from whom; 3) a list of all individuals who have an ownership interest in the business; 4) a list of the names and contact information for all corporate officers and executives, including telephone numbers and email addresses; 5) a list of the names of all individuals employed or otherwise compensated for his services by the business; 6) the physical location and address of the business’ headquarters and all other places of business; and, 7) the annual gross and net revenue generated by the business for each calendar year since its inception.
3. List and describe in detail all methods by which Global (and any of its related businesses) acquires the personal cell phone records and other data associated with a given cell phone number.
4. Do the employees of Global (or any of its related businesses) pose as customers seeking information about their own accounts (“pretexting”) to obtain the data being purchased by a Global customer? Does Global (or any of its related businesses) obtain access to cell phone company databases through computer hacking, impersonation of phone company employees or government agents, or other unauthorized and fraudulent means?
5. List all individuals or businesses that provide Global (or its related businesses) personal cell phone records and other data associated with a given cell phone number. For each individual or business, describe the nature of the relationship with Global (or its related businesses), the compensation arrangement with Global, and the amount or type of compensation provided by Global.
6. For Global and each of its related data broker businesses or Web sites, list the names of all employees, agents, consultants, and other individuals who work for or provide services to the company or Web site.
7. Has Global conducted, through an examination by either in-house or outside counsel, an analysis of the legal implications and risks of acquiring and selling the personal cell phone records and other data associated with a given cell phone number? If so, provide a copy of all such legal opinions provided to, or produced for, Global or its related businesses.
8. By calendar year since 2000, list the names of the top 20 customers, by revenue, for each of Global’s data broker Web sites. With each customer listed, and for each calendar year, provide the total dollar amount paid by the customer to the data broker.
9. All records related to the methods by which Global and its related data broker Web sites procure and sell telephone records, including but not limited to all contracts regarding such procurements.
10. All records related to any inquiries by law enforcement or regulatory officials regarding the procurement and sale of telephone records.
11. All company policy guidelines, employee manuals, or other instructions regarding the procurement and sale of telephone records, and all records related thereto.
12. Do Global and its related data broker Web sites obtain the consent of the owner of a phone number prior to procuring and selling records related to that phone number? Do Global and its related data broker Web sites ever notify the owner of a phone number that his records have been procured and sold? If yes, describe when and why.

Additionally, Committee investigators will be contacting you within the next week to arrange interviews with you and other company officers and employees. If you have any questions, please contact Tom Feddo of the Committee on Energy and Commerce Majority Staff at (202) 225-2927 or Consuela Washington of the Minority Staff at (202) 225-3641.

Sincerely,



Joe Barton
Chairman
Committee on Energy and Commerce

John D. Dingell
Ranking Member
Committee on Energy and Commerce

Ed Whitfield
Chairman
Subcommittee on Oversight and Investigations

Bart Stupak
Ranking Member
Subcommittee on Oversight and Investigations

http://www.middle-east-online.com/english/?id=21781

A little lengthy, but worth the read.

<a tantalizing snip>

Congress's Orwellian Compromise


With Bush calling the so-called ‘war on terror’ the ‘decisive ideological conflict of our time’ and drawing parallels between Osama bin Laden and V.I. Lenin, the overriding question is whether the United States is in store for a replay of Cold War paranoia, except this time with 21st century technology that Joe McCarthy never could have imagined, says Nat Parry.


A little over a year ago, I wrote an article called “Washington’s Orwellian Consensus,” which faulted Congress for rubberstamping many of George Bush’s sweeping assertions of presidential power, particularly his claimed right to spy on some American citizens without warrants.

The article noted that “the near-term outlook appears to be for a consolidation of George W. Bush’s boundless vision of his own authority” – but added the caveat, “at least until the November elections.”

<snipola #2>
The most recent example was the hasty pre-recess passage in the House and Senate of a bill revising the 1978 Foreign Intelligence Surveillance Act (FISA). The “Protect America Act of 2007” amends FISA by lowering the standard by which the President’s subordinates can issue a surveillance order.

The new rules permit the nation’s vast intelligence apparatus to conduct surveillance without a court order against anyone who is “reasonably believed” to be outside the borders of the United States.

“Notwithstanding any other law,” the bill states, “the Director of National Intelligence and the Attorney General may for periods of up to one year authorize the acquisition of foreign intelligence information concerning persons reasonably believed to be outside the United States.”

The bill’s proponents insist the targets are foreign terrorists. But the word “terrorist” is nowhere in the legislation, whose broad language simply grants the Executive Branch power to spy on communications of anyone “reasonably believed” to be abroad, including calls and e-mails to the United States.

More at link http://www.middle-east-online.com/english/?id=21781

Oh well. Its probably for the favorite charity of the CIA or NSA.

Go to this site to get the Company's story on this sorry saga.

http://www.amtd.com/

Excerpt from Press Release:


Omaha, Neb., September 14, 2007 – TD AMERITRADE Holding Corporation (NASDAQ:
AMTD) has discovered and eliminated unauthorized code from its systems that allowed access
to an internal database. The discovery was made as the result of an internal investigation of
stock-related SPAM.
The Company commissioned forensic data experts to assist in its investigation of this issue.
Results of their combined efforts reveal the following:
• Client assets held in accounts with the Company remain secure as UserIDs, personal
identification numbers and passwords were not stored in this particular database.
• Information such as email addresses, names, addresses and phone numbers was retrieved
from this database and affects TD AMERITRADE retail and institutional clients.
• While more sensitive information like account numbers, date of birth and Social Security
Numbers is stored in this database, there is no evidence that it was taken.
“While the financial assets our clients hold with us were never touched, and there is no evidence
that our clients’ Social Security Numbers were taken, we understand that this issue has increased
unwanted SPAM, which is annoying and inconvenient for them,” said Joe Moglia, chief
executive officer. “We sincerely apologize for that and any added concern this may have
caused.”
The Company has hired a third party, ID Analytics, Inc., to investigate and monitor for potential
identity theft. ID Analytics provides identity risk services to many of the country’s largest banks
and telecommunications companies, as well as government agencies. Following its initial
evaluation, ID Analytics found no evidence of identity theft as a result of this issue.



http://files.shareholder.com/downloads/AMTD/168835194x0x131830/bf2c6446-337e-4fc7-b1f2-d97aa7508add/SPAM_Release_FINAL.pdf

..k&r

interesting... what would it take to create enough fear to regulate the internet? I imagine an event similar to a digital "pearl harbor" hmmmmm......


nah... .Im just being paranoid.

...do!

"No evidence" SSNs, etc. were taken. YEAH RIGHT. My car is in the shop for repairs, I'm sick of the occupation and this regime - I don't know how much more crap I can take right now.

The head of this company is a right-wing crackpot who ran for office uttering the term "family values" ad nauseum. It would be a cold day in hell before I'd ever do business with such an outfit.



Cher

I stood outside and protested.

When I first opened our accounts, they had the only brokerage office near us. They closed the counter at the crossroads awhile back. Ameritrade does not offer the Blue Funds. These are left leaning good companies. I only have reservations about the blue fund Starbucks holdings.

"The Blue Fund invests in companies that both "act blue" and "give blue." We build our portfolios on core progressive values like environmental sustainability, community participation and respect for human rights. And then we go a step further, investing only in those companies whose political contributions demonstrate a sincere commitment to these values."

I will be changing company's, but not because of the stolen info. You are right, we should have left long ago.

http://www.bluefund.com/

K&R
:kick:

:wow:

Very interesting, we'll see what happens I suppose.

... I called them after getting an e-mail from someone so called, Ameritrade. I guess I got this mail as an ex-customer.

I don't know much about online trading, which was one reason I dropped Ameritrade, but if Ameritrade knew about people trying to phish, wouldn't you suppose they would have taken large measures from that point to go after hackers?

Maybe they did, and nothing these guys do can now prevent this.... (?) :shrug:

Social Security numbers, birth dates and account numbers were in the database but the company said there was no evidence they were taken.

Which probably means they were. If one database is lax, they probably all are - it's doubtful they implemented different security between each database. Also, the company has every interest in covering it up if they were taken, because it's their ass on the line.
People already trusted them with sensitive information - look where that ended up. Do you really want to trust them again that your SSN and other information wasn't taken?

Look at how long the TJ Maxx/Marshall's thing went on before they noticed. Perhaps a large corporate penalty is in order for anyone caught with lax enough security for confidential customer information to be stolen. Why was that information on Internet-accessible computers?

.

"Bin Laden" trades.

Someone broke into the barn.
We have now fixed the doors.
Sorry about the horses, you should keep an eye out for them.

Paraphrased, of course.