Ameritrade Customer Data Lost
Rollie Hawk writes "Continuing the recent trend of customer data blunders in the news, Ameritrade has announced the loss of the personal data of up to 200,000 customers. The suspected cause is a routing error, but not the network kind. The online discount broker admitted that a backup tape of customer account data from 2000 to 2003 has been misplaced. They claim the cause is an error on the part of a shipping company. The tape was identified as missing in February, soon after being shipped. According to spokeswoman Donna Kush, nothing suspicious has been reported. Further blaming the shipping company, she explained that "this was not an Ameritrade Systems issue or a compromise of our technology. This was related to a third party vendor." It's doubtful that current and former customers with exploited information will care how this occurred. She further claimed that Ameritrade "has every reason to believe" that the tape has either been destroyed or is being held by the shipper. There's no word yet on how they arrived at this conclusion."
If data is being transported via a 3rd party carrier, wouldn't it make sense to encrypt the data first?
It's doubtful that current and former customers with exploited information will care how this occurred.
While I would be upset if this was my personal information, if Ameritrade did what they were supposed to do (as in ensuring the shipping company was a decent company) then I would not be so uptight about the situation. People like to scream, shout and vent. Shit happens. If someone was grossly at fault they should be flayed, if it was a pure accident (as such things happen) well it is what it is.
I mod down so you can mod up. You're welcome.
So, they lost the data and in transit the backup tape was lost. Hmmmm.....nothing suspicious to see here kids..please move along
You can get more with a kind word and a gun than you can with a kind word alone. - Al Capone (1899-1947)
"...Further blaming the shipping company, she explained that "this was not an Ameritrade Systems issue or a compromise of our technology. This was related to a third party vendor."
Ah, no.
This is squarely the problem of Ameritrade management. Protection and recovery of backup data rests squarely with IT. There should have been a detailed process done in conjunction with a reliable shipper to ensure protection (or perhaps a private courier) of the tape.
Yet another clueless corporation that has no sense of responsibility.
And they were careless in what way exactly?
What is she on? How is this not an issue? If the data had been properly encrypted, it could have been lost with no danger of the data falling into the wrong hands. Ameritrade decided the data was not worth encrypting, and then lost it.
Even if they couldn't be bothered to encrypt the data, they then shouldn't have shipped it the way they did. They should have shipped the data in a briefcase handcuffed to a trusted courier.
This is most definitely a failure, and a significant one at that. I am saddened that Ameritrade doesn't have the decency to own up to their mistakes. In Canada, they could be charged under the PIPED Act.
Oceania has always been at war with Eastasia.
A comment on one of those stories considered that a lot of this data theft/loss has to do with the fact that many companies (Choicepoint) are collecting data on people who are not their customers. There is no incentive for those businesses to keep the data safe.
As far as customer data loss, it could be any number of factors. I think a lot of it has to do with lax security policy at some of these businesses. Perhaps after this round of scares, others will step up their security.
...about how the data was lost. It's a little bit difficult to get angry about a lost package in the shipping process. It happens. It's always going to happen. It's rare, though. I'd be a little pissed off if this was due to a network breach at Ameritrade. As it is, I'm not too concerned. So, yeah, it DOES matter how the data was lost.
Further blaming the shipping company, she explained that "this was not an Ameritrade Systems issue or a compromise of our technology. This was related to a third party vendor."
No, it's an Ameritrade-picking-a-bad-vendor issue. It is still ultimately Ameritrade's fault.
This is possible. However, the Ameritrade privacy policy states that they can share personal information of clients with non-affiliated business to improve quality of service. The only thing preventing this from happening is an option that clients can request to not have their information traded with non-affiliates. I don't see any reason to pretend to 'lose' customer data, when you simply sell it legally.
This is my last post.
[6th Estate]
There is no excuse not to encrypt all backup tapes anymore where sensitive data is involved. There are appliance-style products out there specifically for encrypting tape backups, if you can't figure out another way.
And I'm sure there are plenty of SW solutions also.
This kind of crap has been happening too often.
I hate to say we need a law, but we need a law.
At least two companies have increased initial estimates of data loss by an order of magnitude, which means at least one incident does indeed involve between one to two million records.
It is reasonable to assume that these companies are not any less concerned about security than others. If we assume, then, that these incidents are on a national basis rather than just in California, between fifty million to a hundred million records holding sensitive personal data are at risk or have been compromised. Between a third to a sixth of the entire population of the US.
At this point, the existing system is broken enough as to be unsafe. No matter what is done to it, up to a third of the population will remain at significant risk. That, to me, is unacceptable.
The "best" method may be to place a requirement that all future systems with confidential or sensitive data be locked down and secure, with extremely limited, controlled access. And 100% liability if standards are not met. After that legislation is in place, change the format of Social Security numbers to deliberately break all existing systems, forcing an upgrade.
Yeah, that's going to be a pain to a lot of businesses. But as the problem was caused by the deliberate recklessness of said businesses in the first place, it is hard to be too sympathetic.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I work for a company that designs and builds devices used in the medical industry. If we use a third party for hardware or software, we have to verify and vouch for that software. If a patient gets hurt because some 3rd party app did something wrong, the 3rd party doesn't get sued, we do. It should be the same for personal data. Ameritrade should have made sure the data was secure, whether it was in their hands or not. If anyone's identity gets stolen, or they get ripped off in any other way, Ameritrade should be liable for the loss plus damages! As should all of the other companies that are losing personal data.
I'll come back and ask you how you're getting on in a month or two.
"this was not an Ameritrade Systems issue or a compromise of our technology. This was related to a third party vendor."
I'm so peeved when I see comments like this. When will people realize that when they hire a 3rd party vendor to complete a task they are not absolved of responsibility. This IS an Ameritrade Systems issue. They didn't encrypt their data. They didn't hire a responsible shipper. They still "own" the issue.
I did technical account management for years. One thing our group was primarily responsible for was saying "Yes, this is our issue, we will see it to resolution". Even when the blunder was caused by a 3rd party, we owned it. It was our responsibility.
Encryption is not expensive financially. Decent encryption tends to be computationally expensive, though, and may slow backups. Worse, it involves changing processes. Ever tried to make a bank change how they do things?
What I say does not represent the views of my employers, my friends, my cats, or myself.
There is no incentive for those businesses to keep the data safe.
No incentive?! There's a HUGE stack of negative PR that says you're wrong. Granted, Choicepoint may or may not have considered this beforehand, but they've been raked over the coals over this issue (justifiably so). I'd bet that nearly every customer of Choicepoint is wondering if their data is safe.
Auditors find IRS employees vulnerable to hackers (3/17/05)
More than one-third of Internal Revenue Service employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday... That was a 50% improvement when compared with a similar test in 2001, when 71 [of 100] employees cooperated and changed their passwords.
IRS Flaws Expose Taxpayers to Snooping, Study Finds (4/18/05)
In all, 7,500 IRS employees, law enforcers and outside contractors can access and modify tax returns and financial-crime reports, the GAO found. A master list of passwords and user names is also widely available, the report said. "Increased risk exists that unauthorized users could ... claim a user identity and then use that identity to gain access to sensitive taxpayer or Bank Secrecy Act data," the report said.
--
My Aunt sells identity theft insurance. Email me and I can put you in touch with her.
While most of you probably think that FedEx or UPS and the like are reliable, you are wrong. My company ships over a thousand packages a month and there are regularly 1-2 packages lost. Just gone, no record, no trace, nothing. The shippers don't seem to think this is unusual, there are systems in place to deal with the unhappy customers. A cost of doing business. I think it's interesting to say OK, so if FedEx is losing .1% of its packages, multiply that by the number of packages they ship every day and that's a lot of shipments lost. What happens to them? Is there a lost package department? Do they just trash the leftover stuff?
In fact no shipper is reliable. Things can and will get lost. Just the way things are. Doesn't mean someone stole it, or if someone stole it that they would know what to do with a backup tape. It would certainly be better if the data was encrypted, but there's very little chance (impossibly small even) this fell into the wrong hands. It's probably sitting in a pile in a warehouse somewhere or crushed alongside a road.
I'd bet that nearly every customer of Choicepoint is wondering if their data is safe.
It went way over your head.
Choicepoint is little more than a data aggregator. Choicepoint's customers are people who buy the information they collect on people like you. You are not a customer of Choicepoint even though your information is what they are selling. They have no incentive to keep your data safe because you aren't their customer.
Sounds exactly like Newspeak to me.
There are known knowns and unknown knowns and unknown unknowns. Yep, definitely Newspeak.
I swear, these guys read 1984 and they just thought, "Man, these are such great ideas!"
I have to reply as AC because I moderated you up, but I have something to add here. While you can collect all sorts of data about the interactions you have with corporate entities, you can't effectively mine that data the way the corporations can because your relationship with them is closer to one-to-one, whereas their relationships with their customers is one-to-manymanymany. That's where the value of data mining comes into play, seeing trends in the seas of data these companies hold. You can never have that much data about the handful of companies and government entities you interact with.
You just can't get any good information out of this meager amount of data, except to see that these companies are all money grubbing whores. If you really want to watch the watchers, you need to do it as a group. Your data about your own corporate/government interactions needs to be combined with other peoples'. It would be an interesting experiment to see just how long these companies let you keep your collective store of data about them.
This list should be a lot longer. Various banks (like Chase, Wells Fargo, Bank of America) and Credit Card companies, H&R Block (I think), the IRS, and numerous other companies have had important customer data compromised.
There probably is a web site on this...
Hard to find with all the security alerts.
This is why it is vital that the Gov needs to use a Public/Private key system with authenticity handshaking with SSN (make the SSN a public ID, that is verified by a changeable password, businesses only receive a notice from the Gov that you are authorized to use it). The current system is absolutely broken. I've gotten three calls at home with someone trying to verify my wife's SSN so that they could use it for identity theft (tip; if a business doesn't want to give you an address, they are crooks).
>>"ad space available -- low rates!!!"