Scottrade, an online stock trading platform, revealed that it has experienced a data breach that exposed the personal information of 4.6 million of its customers. The financial services company was informed about the data breach from federal investigators as opposed to internal network security personnel. Additionally, the breach remained undetected for over a year. According to their website, “Federal law enforcement officials recently informed us they’ve been investigating the theft of information from Scotttrade...we believe the illegal activity involving our network occurred between late 2013 and early 2014, and targeted client names and street addresses. Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident.” 

Mostly known for their multi-tiered online stock trading platforms, including ScottradeELITE Advanced Trading Platform, Scotttrade OptionsFirst, and Scotttrade Mobile Application, the company also offers brokerage services, banking services and investment education. If you or someone you know had an account on Scottrade previous to February 2014, your sensitive information may have been collected in the data breach. One positive note in the news of the breach is that no account passwords were stolen as they remained encrypted at all times.

Brian Krebs believes that the focus on client names and contact information, as opposed to Social Security numbers, may have to do with the facilitation of future stock scams: “a spike in spam email for affected Scotttrade customers will be the main fallout from this break-in.” He refers to a previous data breach at JPMorgan Chase which exposed contact information for over 80 million clients, in all likeliness used to “further stock manipulation schemes involving spam emails to pump up the price of otherwise worthless penny stocks.” As has become the norm with such incidents, the company is offering free credit monitoring services to affected customers. While financial services firms are typically the highest spenders when it comes to information security, the length that this breach remained undetected, as well as its discovery by external investigators is surprising.