Ameritrade: Leaking Client Data For Over A Year
The breach was so serious that Ameritrade found 'unauthorized code' in its systems, and it has yet to fully account for how the code got there. The breaches allowed about 6 million customer records to be compromised, but the extent of the stolen data has not been completely disclosed at this time. It seems almost certain that the stolen data included e-mail addresses, and potentially much more:
“E-mails obtained by Network World show that Ameritrade received explicit and repeated warnings from an IT security expert starting Jan. 9, 2006 that its customer data had apparently been compromised, placing the start of the breach much earlier than previously reported and likely pushing it into 2005. Nevertheless, the company insisted for the next 20 months that a flood of stock-related spam being received by numerous clients was not indicative of a more serious problem.”
Despite the numerous warnings via e-mail and even a news column, Ameritrade was extremely slow to announce that their security was compromised.
What are your feelings on the Ameritrade leak? Was the company concealing embarrassing information for a purpose or was this a serious case of denial? What kinds of punishment, if any, should be imposed on the company? Perhaps most importantly, how much (if at all) does this shake your faith in on-line trading?