Friday, September 21, 2007

Ameritrade leak started in late '05

Apparently the Ameritrade leak started in late '05, much earlier than reported. Network World details the recent revelations:

E-mails obtained by Network World show that Ameritrade received explicit and repeated warnings from an IT security expert starting Jan. 9, 2006 that its customer data had apparently been compromised, placing the start of the breach much earlier than previously reported and likely pushing it into 2005. Nevertheless, the company insisted for the next 20 months that a flood of stock-related spam being received by numerous clients was not indicative of a more serious problem.\


While Ameritrade insists that it was working diligently - and hiring specialists - to stem the flow of spam, all of those efforts proved ineffective until recently ... and customers remained in the dark. In August 2006, Fritsch tried again to warn Ameritrade - via e-mail and telephone - this time providing samples of the spam that was hitting his Ameritrade-only account. At this point it's clear that the matter has Ameritrade's attention, even if the company was not sharing those concerns with its client base.


Fritsch had already sent what they were asking for, but he sent more, just to be helpful. Finally, near the end of August - again, this is 2006 - Fritsch received this e-mail from Ameritrade:

Joshua Fritsch,

We have received many headers from various client reports. At this time there is no need to continue to forward this information to TD AMERITRADE. We appreciate your cooperation in our investigation.

And another full year would pass before 6.2 million Ameritrade customers would learn that all that spam they had been getting was more than just spam.

No comments: