Ameritrade warns 200,000 clients about potential data breach
A backup tape with account information is missing
Computerworld - A computer backup tape containing account information of more than 200,000 Ameritrade Inc. clients was apparently lost or accidentally destroyed while being shipped, prompting the online investment brokerage to notify the clients of a potential breach.
Donna Kush, a spokeswoman for the Omaha-based company, today confirmed that a package of data backup tapes was damaged in transit in late February by a shipping company that isn't being named. Four of the tapes in the package disappeared after the package was damaged but three were later found by the shipper during a search of its facility, she said.
The fourth tape is still missing and is presumed to still be lost in the facility or to have been destroyed accidentally.
"We do believe that foul play was not involved," Kush said. "We don't feel that any of the [client] information has led to any misuse."
The backup tapes held account information for clients and former clients from 2001 to 2003, Kush said.
Last week, the clients began receiving letters from Ameritrade telling them of the incident and offering one free year of credit-protection services from Identity Track. Chantilly, Va.-based Identity Track monitors credit profiles and alerts clients to activity that may indicate identity theft -- including recent inquiries, new accounts or address changes. Consumers can also access and review their credit reports.
In its letter to clients, Ameritrade said it's adding another layer of security to their accounts.
Kush wouldn't discuss what is being done in detail. "We're evaluating our processes and procedures on what we do here and are making some changes," she said.
Kush said the company acted as quickly as possible after learning in late February that the tapes were missing. "It took some time to work with the [shipping] vendor" after the loss was discovered, she said. "It took some time just to find those three tapes." More time elapsed as the search continued for the fourth tape.
"We feel we acted promptly," she said.
The backup tapes weren't labeled with Ameritrade's name or logo or any other identifiable information, Kush said. Although the data on the tapes was compressed and special equipment would be needed to read it, the information wasn't encrypted.
Under California law, which mandates that customers be told of potential data breaches, the company would have been required to notify about 175,000 of the affected former and current clients. But Ameritrade chose to send letters to all potentially affected clients.
The incident differs from several other recent high-profile data loss cases, which largely involved computer system break-ins or the thefts of actual computers. Last week,
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Pragmatic Endpoint Management: Empowering an SMB Workforce in the Age of Mobility Lacking the time for proper training and education, SMB administrators often resort to taking shortcuts to keep their environment running.This paper discusses the...
- Gartner Magic Quadrant for Application Security The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Privacy White Papers | Webcasts