TD Ameritrade Breach Affects 6.3M Customers

Brokerage firm uncovers data-sucking malware during system audit

Tim Wilson, Editor in Chief, Dark Reading, Contributor

September 14, 2007

2 Min Read

Malware found on an internal database may have allowed spammers to steal names, addresses, phone numbers, and email addresses from as many as 6.3 million customers of TD Ameritrade, the brokerage firm revealed today.

In a press release, TD Ameritrade this morning confirmed reports that it has been informing customers of a potential security breach. The release does not confirm the figure of 6.3 million customers, but a company spokesperson did give that number to reporters in interviews.

The company uncovered the malicious code in one of its databases during an audit, which is part of a stock spam investigation. Sources familiar with the breach said the code is not unlike the code used to steal data on 1.3 million users at

TD Ameritrade has not closed its investigation, but early results indicate that the attack was designed not to penetrate users' accounts, but to collect addresses for spam campaigns. In addition to names and email addresses, the breached database also contains Social Security numbers, account numbers, and dates of birth, but there is no indication that the thieves stole any of this latter information, the brokerage firm said.

TD Ameritrade customers' user IDs, PINs, and passwords are stored in a separate database that was not penetrated in this attack, according to the company.

"While the financial assets our clients hold with us were never touched, and there is no evidence that our clients' Social Security numbers were taken, we understand that this issue has increased unwanted SPAM, which is annoying and inconvenient for them," said Joe Moglia, CEO of TD Ameritrade. "We sincerely apologize for that and any added concern this may have caused."

TD Ameritrade hired a third party, ID Analytics Inc., to investigate and monitor for potential identity theft. An initial evaluation by ID Analytics found no evidence of identity theft.

The brokerage firm says it is confident that it has identified the method in which the information was stolen and has taken the appropriate steps to prevent it from recurring.

"This issue is not unique to TD Ameritrade. It's something that all companies involved in e-commerce should be aware of and prepared to address," Moglia said. "We participate in industry peer groups to share information on these types of threats in the interest of protecting all clients."

A spokesperson declined to give further information on the malware, or how it penetrated the TD Ameritrade, until the investigation is complete.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights