![dataloss logo](/images/dataloss-logo.png)
BreachExchange mailing list archives
follow-up: Ameritrade leak looks to have started in late '05, much earlier than reported
From: security curmudgeon <jericho () attrition org>
Date: Wed, 19 Sep 2007 17:32:45 +0000 (UTC)
http://www.networkworld.com/community/node/19720 Ameritrade leak looks to have started in late '05, much earlier than reported Submitted by Paul McNamara on Wed, 09/19/2007 - 1:17pm. E-mails obtained by Network World show that Ameritrade received explicit and repeated warnings from an IT security expert starting Jan. 9, 2006 that its customer data had apparently been compromised, placing the start of the breach much earlier than previously reported and likely pushing it into 2005. Nevertheless, the company insisted for the next 20 months that a flood of stock-related spam being received by numerous clients was not indicative of a more serious problem. Following that January 2006 e-mail, subsequent warnings from multiple sources -- including a column this May by my Network World colleague Mark Gibbs -- also failed to prompt the company to alert its clients. Only last Friday did Ameritrade publicly acknowledge that "unauthorized code" on its systems had "allowed certain information stored in one of our databases, including e-mail addresses, to be retrieved by an external source." More than 6 million customer accounts were exposed, although Ameritrade contends there has been no known identity fraud associated with the breach. "I warned Ameritrade of a security breach in January of 2006, which means that it likely occurred in mid- to late-2005," says Joshua Fritsch, who sent the Jan. 9, 2006 e-mail and provided copies of his exchange with Ameritrade to Network World. Fritsch has 15 years of experience in networking, including "security design and management for a global financial firm." [..] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- follow-up: Ameritrade leak looks to have started in late '05, much earlier than reported security curmudgeon (Sep 19)