The personal details of nearly five million customers of retail brokerage Scottrade were accessed by cyber-criminals between late 2013 and early 2014, the firm has revealed.
In a notice on its site, the Missouri-based firm claimed that client names and contact information were the focus of the attack.
However, the statement didn’t rule out the theft of Social Security numbers, email addresses and other sensitive data.
It added:
“We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised. Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.
We have secured the known intrusion point and conducted an internal data forensics investigation on this incident with assistance from a leading computer security firm. We have taken appropriate steps to further strengthen our network defenses.”
Scottrade said that it was notifying affected customers and is offering identity protection services with AllClear ID to those 4.6 million whose information was targeted.
Although all passwords are encrypted by the firm, anxious users can change them by visiting the Knowledge Center.
Customers will be nervous to hear that Scottrade only realized something was wrong when it was informed by federal law enforcers.
They now face the prospect of an increase in unsolicited mail as the hackers look to exploit the stolen information.
The data breaches continue to come thick and fast in 2015.
Just a few days ago Experian revealed that it had been hit by an attack, exposing the personal details of 15 million customers.
In this instance, names, addresses and birth dates were lifted along with Social Security and ID including passport and driving license. The latter three were encrypted but the credit check firm admitted that this “may have been compromised.”