Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ameritrade Customer Data Lost

Posted by CmdrTaco on from the it's-going-to-get-worse-before-it-gets-better dept.

Rollie Hawk writes "Continuing the recent trend of customer data blunders in the news, Ameritrade has announced the loss of the personal data of up to 200,000 customers. The suspected cause is a routing error, but not the network kind. The online discount broker admitted that a backup tape of customer account data from 2000 to 2003 has been misplaced. They claim the cause is an error on the part of a shipping company. The tape was identified as missing in February, soon after being shipped. According to spokeswoman Donna Kush, nothing suspicious has been reported. Further blaming the shipping company, she explained that "this was not an Ameritrade Systems issue or a compromise of our technology. This was related to a third party vendor." It's doubtful that current and former customers with exploited information will care how this occurred. She further claimed that Ameritrade "has every reason to believe" that the tape has either been destroyed or is being held by the shipper. There's no word yet on how they arrived at this conclusion."

4 of 324 comments (clear)

  1. An Epidemic? by WhiteBandit · · Score: 4, Informative

    So I've been creating a list of all the major cases I've heard about in 2005. Nearly 1.3 million people have been affected so far this year. Of course now Slashdot won't let me post the information because I have "too few characters per line."

    I originally posted an expanded version of this list on my blog to start keeping track of everything.

    Here is basically what it looks like:
    Date: 04-18-2005
    Name of Organization: Ameritrade
    How: Lost backup tape with shipping agency
    People Affected: 200,000
    Link: http://money.cnn.com/2005/04/19/technology/ameritr ade/

    Date: 04-14-2005
    Name of Organization: Polo Raplh Lauren - Mastercards
    How: "Security Breach" - Hackers
    People Affected: 180,000
    Link: http://www.sfgate.com/cgi-bin/article.cgi?file=/n/ a/2005/04/14/financial/f064639D31.DTL

    Date: 04-08-2005
    Name of Organization: San Jose Medical Group
    How: Stolen Laptop
    People Affected: 185,000
    Link: http://www.sfgate.com/cgi-bin/article.cgi?f=/news/ archive/2005/04/08/financial/f115753D39.DTL

    Date: 03-29-2005
    Name of Organization: UC Berkeley
    How: Stolen Laptop
    People Affected: 98,000
    Link: http://sfgate.com/cgi-bin/article.cgi?file=/c/a/20 05/03/29/BAG3MBVSFH1.DTL

    Date: 03-26-2005
    Name of Organization: Northwestern University
    How: "Security Breach" - Hackers
    People Affected: 21,000
    Link: http://www.chicagotribune.com/technology/
    chi-050 3260274mar26,1,5138021.story?coll=chi-technology-h ed&ctrack=1&cset=true

    Anyway, this is definitely getting ridiculous and out of hand. And it seems we're pretty much helpless to control it as well. When are a lot of these companies going to stop requiring valuable information like social security numbers and such?

  2. Re:Data loss... or ... data collection? by Daedala · · Score: 5, Informative

    This isn't a recent spate of customer data loss. It is, as you note, a recent spate of customer data loss reporting. It's mostly due to California Civil Code 1798, formerly known as State Bill 1386. Before we were just quietly leaking like a sieve; now we know we are.

    --
    What I say does not represent the views of my employers, my friends, my cats, or myself.
  3. Why do so many sites collect personal information? by amichalo · · Score: 4, Informative

    I work with eCommerce for a living. Credit card processing requires the CC#, Exp date, CVV2 code (the digits on the back of the card) and the billing Zipcode.

    Why then must we supply name, address, phone number, email, and other personal information just to make a purchase? (obvious answer is for customer profiling and contacting post-sale.)

    I try to refuse to provide a SSN whenever I recocgize it isn't needed (like to establish an account at the local dry cleaners) but so often, employees become adjitated, as if I am trying to hide something.

    We as consumers need to do more to protect our own personal data from getting to 3rd parties in the first place.

    Now obviously Ameritrade needs such financial and personally identifying information for SEC and IRS compliance, but in that case, they should be required by an oversight body to protect that information.

    HIPPA protects the privacy rights of US citizens healthcare information and has two very important rules:
    (1) information must be secured
    (2) only the minimal information may be collected when required and only the minimal information may be shared with those who require it.

    Why doesn't this exist for SSN, bank account numbers, etc?

    --
    I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
  4. Re:Tape? For backups yes by ihaddsl · · Score: 4, Informative

    What you are quoting are the rules for archival storage of information (that is the rule that requires orginasations to store for 6 years data relating to their transactions for compliance purposes.) This does not apply to all information retained by brokers (but to specific transactional related data), and it most certainly does not apply to regular backup procedures