

Why TD Ameritrade's Data Breach Is So Worrying - dpapathanasiou
http://www.wallstreetandtech.com/blog/archives/2007/09/why_td_ameritra.html

======
mynameishere
I too was afflicted by 1000s of spam messages resultant from this.

You know, maybe I need to brush up on my SEC regulatory knowledge, but it
seems like sending billions of emails pumping up worthless penny stocks would
be...seriously illegal. With _so many_ offenses would it really be so hard for
the FBI to see who's buying this crap before the spam goes out? You
know...crunch the numbers and then maybe raid their computers? Just a thought.

------
nickb
If I were running a financial-based startup, I'd be worried too. Large
companies like Ameritrade have security departments that are more than 3-4x
the size of some startups. It makes you really wonder if consumers will be
taken aback by the whole thing.

~~~
DocSavage
I know I was. I had a unique e-mail for Datek, which got bought by TD
Waterhouse then Ameritrade. Started getting the same spam in both my unique
e-mail and my very private (at that time) personal e-mail that was a backup
contact. Ameritrade refused to believe they were the problem despite the
obvious signs.

Back in July 2006, I posted an entry on my blog
(<http://www.billkatz.com/node/77>) and the comments showed a lot of people
having the same problem. The most troubling aspect was their constant denial
of the problem and the length of time it took to find the cause. Ameritrade
said this in e-mails to their customers over a year ago:

"We thoroughly reviewed our systems and data sent to third parties with access
to e-mail addresses and found no misuse or compromises of any of our systems
or storage mediums for e-mail addresses. Additionally, after further review of
our systems, there is no indication that your account information held with
Ameritrade has been compromised. Please be assured that we regularly contract
leading edge security firms to conduct network and application penetration
tests to test the security of our network and web presence. We also employ a
staff of full time employees solely dedicated to Information Security."

~~~
nickb
It's amazing how a sense of security can be so destabilizing and so dangerous.
Thanks for the post & link! Very informative.

