TD Ameritrade: data theft
My latest coincidence with identity theft and data security: we just received a letter from TD Ameritrade CEO Joe Moglia that torturously begins:
Dear Mark Petrovic,
While investigating client reports about the industry-wide issue of investment-related SPAM, we recently discovered and eliminated unauthorized code from our systems. This code allowed certain information stored in our databases, including email addresses, to be retrieved by an external source. Your information is currently included as part of our database either because you are a former client or because you had in the past applied for an account at TD AMERITRADE.
My first question is: What is unauthorized code and what does it mean to remove it? Is this a synonym for “software”, as in lines-of-code? Sounds like unauthorized code means “Trojan Horse” or virus, as the letter goes on to say that the unauthorized code was able to bypass detection by our anti-virus software and other protective systems. All reads: Windows-based financial services shop gets hacked.
My second question is: What is an external source?
What this opening paragraph says is that information about me was stolen from TD Ameritrade.
It seems sort of peculiar that the breach the letter describes was discovered while investigating (read: operating diligently on my behalf, followed by posterior-covering) the “industry-wide” (read: it’s not just us getting hacked) investment-related SPAM. One can run across network access anomalies in a lot of different ways, but specifically while investigating spam seems an odd, overly-specific segue into the disclosure of data theft. I doubt the discovery was made while investigating spam, which is sort of like saying we discovered it while thinking about email. But no matter. More information about me is now in the wild.
The letter closes with an assurance that ID Analytics, the firm brought in to assess damage, found no evidence of identity theft. And that I should keep a close eye on my credit activity. To which I can only say: thanks a lot — and no kidding.
So in December 2005, I received a similar letter from ABN-AMRO stating that tapes had been lost by DHL (read: finger pointing), the courier service, that contained my personal data. A few months ago, I received a similar letter from IBM HR – that is, that tapes with my data on them had been lost. And now TD Ameritrade steps up with this latest bit of bad news.
It’s become a full-time job keeping up with who’s lost the information on my household that I entrusted to them.