It's been the weekend of breaches! Only hours after we learned of the Experian North America data breach, stock trading firm, Scottrade, released a statement announcing a cyberattack that compromised the contact information of 4.6 million customers.
The hack is believed to have occurred between late 2013 and early 2014, and targeted client names and street addresses. Scottrade was quick to assure customers that Social Security Numbers, email addresses, encrypted passwords and other sensitive data in the system appeared to be safe. They also stated that they had no reason to believe that any of its trading platforms or client funds were jeopardized.
While the fact that SSNs and passwords were not stolen is certainly good news, many have expressed concern that the company may not have had the right security in place to safeguard such sensitive information. Many have pointed out that Scottrade was not even aware of the attack until two years after the breach and only because they were notified by the FBI who was conducting an investigation into the incident.
We can't say for sure whether there was sufficient security or whether we'll see any immediate cases of identity theft directly connected to this breach, but that doesn't mean you're safe. Addresses and names may seem like trivial pieces of information to steal, but they are the keys to making several different kinds of scams work. We've talked about them here before: synthetic fraud, phishing scams, phone scams, etc. It is amazing the kinds of harm a fraudster can inflict with only the most basic information.
Bestselling author and investigative reporter, Brain Krebs, who back in 2013 broke the news that Target Corporation was breached, speculates on his blog KrebsonSecurity.com, "It may well be that the intruders were after Scottrade user data to facilitate stock scams, and that a spike in spam email for affected Scottrade customers will be the main fallout from this break-in."
We urge customers of Scottrade who may be part of the breach as well as others to never give any personal or sensitive information over the phone and to be wary of emails claiming to be from Scottrade that ask for financial information. As these kinds of cyberattacks become more frequent protecting our identities and being thorough about security has never been a bigger priority.
Stay tuned for any more updates on this story and remember that the holidays are just around the corner and with that family time and celebration come the biggest shopping days of the year. Give yourself some of peace of mind and use a credit monitoring service that can help alert you to certain activity on your credit files that may indicate fraud. Stay safe!