- Bargaineering - http://www.bargaineering.com/articles -

TD Ameritrade Discovers Database Breach

My Roth IRA is with TD Ameritrade and this morning I received an email, included below, from TD Ameritrade CEO Joe Moglia in which they explained that unauthorized code gave someone access to a database that included email addresses and Social Security numbers. It’s the Social Security number part that scares me, but as long as you’re on top of your credit reports (you get free ones each year), it should be okay.

I also noticed an uptick in unfiltered spam to my Gmail account linked to this TD Ameritrade account early this week and didn’t make a connection to any external accounts because I generally don’t use that Gmail account for anything other than friendly correspondence. This underscores the importance of having multiple email accounts for your important correspondence so you can get a better indicator of list selling and breaches before they’re announced. For example, if I always had TD Ameritrade correspondence sent to a Gmail account and ONLY that Gmail, any spam there would indicate some sort of list selling or a breach.
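The dedicated-address idea can be turned into a simple check over a mailbox: give each institution its own alias and count mail arriving there from anyone else. The sketch below is an added example, not part of the original post; the aliases, domains and sample messages are constructed, and it trusts the From header, which a real deployment would replace with the authenticated sending domain.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical per-service aliases mapped to the sender domains expected there.
ALIASES = {
    "me+broker@example.com": {"broker.example"},
    "me+bank@example.com": {"bank.example"},
}

# Constructed sample messages (headers only), not real mail.
SAMPLE_MAIL = [
    "From: Statements <noreply@broker.example>\nTo: me+broker@example.com\nSubject: Your statement\n\n",
    "From: Hot Picks <tips@pennystock.example>\nTo: me+broker@example.com\nSubject: BUY NOW\n\n",
    "From: alerts@mail.broker.example\nTo: <ME+Broker@example.com>\nSubject: Trade confirmation\n\n",
    "From: promo@pennystock.example\nTo: me+broker@example.com\nSubject: Next big stock\n\n",
    "From: service@bank.example\nTo: me+bank@example.com\nSubject: Notice\n\n",
]

def domain_matches(sender_domain, expected):
    """True if sender_domain equals an expected domain or is a subdomain of one."""
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in expected)

def leak_indicators(raw_messages, aliases=ALIASES):
    """Count messages per dedicated alias whose sender is not the expected institution."""
    hits = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        # From is spoofable; mail forged to look like the institution is not caught here.
        sender = parseaddr(msg.get("From", ""))[1].lower()
        sender_domain = sender.rpartition("@")[2]
        # Only To/Cc are inspected; Bcc'd spam would need the Delivered-To header instead.
        recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        for _, rcpt in recipients:
            expected = aliases.get(rcpt.lower())
            if expected is not None and not domain_matches(sender_domain, expected):
                hits[rcpt.lower()] += 1
    return dict(hits)

if __name__ == "__main__":
    for alias, count in leak_indicators(SAMPLE_MAIL).items():
        print(f"{alias}: {count} message(s) from unexpected senders")
```

A nonzero count on an alias that was only ever given to one institution points at that institution's list, which is the early indicator described above.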

Is there much anyone can do about this? Like any other breach, nothing except be diligent in your review. What is comforting is that TD Ameritrade’s Asset Protection Guarantee, which protects your principal from things outside your control such as breaches, will cover everything if something happens.

Email included after the jump.

Let me tell you why I am sending you this email. While investigating client reports about the industry-wide issue of investment-related SPAM, we recently discovered and eliminated unauthorized code from our systems. This code allowed certain client information stored in one of our databases, including email addresses, to be retrieved by an external source.

Please be assured that UserIDs and passwords are not included in this database, and we can confirm that your assets remain secure at TD AMERITRADE.

What we want you to know:

* Once we discovered the unauthorized code, we took immediate action to eliminate it. We are confident that we have identified the means by which the information was accessed and have taken appropriate steps to prevent this from reoccurring.

* You continue to be covered by our Asset Protection Guarantee, which protects you and your assets from any unauthorized activity that may occur in your account through no fault of your own. If you lose cash or securities as a result of such activity, we will reimburse you for the cash or shares of securities you lost.

While Social Security Numbers are stored in this particular database, we have no evidence to establish that they were retrieved or used to commit identity theft. (emphasis mine) To further protect you, we have hired ID Analytics, which specializes in identity risk, to investigate and monitor potential identity theft. ID Analytics provides identity risk services to many of the country’s largest banks and telecommunication companies, as well as government agencies. Following its initial evaluation, ID Analytics found no evidence of identity theft as a result of this data breach. We will retain its services on an ongoing basis to support your TD AMERITRADE accounts and to monitor for evidence of identity theft. We will alert and advise you if any is found. As always, we encourage you to remain alert in guarding your personal information, regularly review your account statements and monitor your credit activity from the major reporting agencies.