What types of personal information were breached? Names, addresses and email addresses were stolen, as well as account activity information, including the number of trades that customers had conducted in the past half-year.
TD Ameritrade said there was no indication that account numbers, birth dates or Social Security numbers were stolen.
Passwords and PINs were not in the database.
Accounts opened after July 18 were not impacted.
What was the response? TD Ameritrade said it is working with several federal agencies, including the FBI, the Securities and Exchange Commission, and the Financial Industry Regulation Authority, to investigate the breach.
It has also hired ID Analytics and Mandiant to investigate the breach.
Experts have said spammers will continue to take advantage of the breach.
Details: TD Ameritrade found out about the breach when customers said they received spam offering unsolicited investment advice.
Source: SC Magazine, Sept. 14, “TD Ameritrade database breach an inside job?”