Another day, another data breach, another 4.6 million customers potentially at risk. This time hackers have targeted the stock trading service Scottrade. The Scottrade hack took place in late 2013 and early 2014 and could affect up to 4.6 million people who signed up for the service before February 2014.
The system accessed contains Social Security numbers, email addresses, client passwords, and other sensitive data, but Scottrade indicates that it appears contact information was the sole focus of the attack.
We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised. Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.
In addition to working on notifying all customers who may have been affected, Scottrade is offering one year of free identity protection services.
Out of an abundance of caution and concern for affected clients, we are offering you a year of complimentary identity protection services through AllClear ID. The details of how to enroll in this service are included in the direct client notifications. Some clients have already received that communication, which is still en route to others.
So why did the company wait so long to inform the public it was hacked? According to the company, they weren’t alerted to the hack by the FBI until this past August. What’s disconcerting about that is that Scottrade didn’t know it was hacked, and the FBI took over a year and a half to notify them of the hack. That’s a pretty long time for user information to be out in the wild and potentially used by those who obtained it.
Were you affected by the Scottrade hack? If so, is one year of free identity protection services fair compensation? Let us know in the comments below, or on Google+, Twitter, or Facebook.