Slashdot Mirror


Ameritrade Customer Data Lost

Rollie Hawk writes "Continuing the recent trend of customer data blunders in the news, Ameritrade has announced the loss of the personal data of up to 200,000 customers. The suspected cause is a routing error, but not the network kind. The online discount broker admitted that a backup tape of customer account data from 2000 to 2003 has been misplaced. They claim the cause is an error on the part of a shipping company. The tape was identified as missing in February, soon after being shipped. According to spokeswoman Donna Kush, nothing suspicious has been reported. Further blaming the shipping company, she explained that "this was not an Ameritrade Systems issue or a compromise of our technology. This was related to a third party vendor." It's doubtful that current and former customers with exploited information will care how this occurred. She further claimed that Ameritrade "has every reason to believe" that the tape has either been destroyed or is being held by the shipper. There's no word yet on how they arrived at this conclusion."

14 of 324 comments

  1. Data loss... or ... data collection? by rsborg · · Score: 4, Interesting
    Maybe I'm wandering into tinfoil-hat territory here, but what's with this recent spate of customer data loss? I mean, holy hell.. there's been something like several millions of records of customer data being reported as "lost" or "stolen" lately... is someone trying to collect data on everyone surreptitiously?

    I mean, it's probably more likely that some law got passed in the past few years that's forcing companies to highlight all these incidents of compromised data, but it seems pretty spooky that we just recently hear about all these stories...

    --
    Make sure everyone's vote counts: Verified Voting
  2. How much longer until personal data gets protected by Skyshadow · · Score: 2, Interesting

    Once again, let me suggest that it may be time to legislate significant penalties for companies and/or individuals who are careless with personal data.

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  3. Re:actually.... by rsborg · · Score: 2, Interesting
    People like to scream, shout and vent. Shit happens. If someone was grossly at fault they should be flayed, if it was a pure accident (as such things happen) well it is what it is.

    Great, next time I lose some important info that could compromise someone else's credit security, I'll just claim it's an "accident" and that "Shit happens".

    Seriously, people would care if they

    • knew what data had been lost (were they SSN/name combos? Trade information? Bank routing info for transfer?)
    • Whether theirs had been affected
    But they don't (currently) know... so of course they don't care... it's not clear what the impact is. And Ameritrade has every incentive to hide or destroy any evidence that reveals this. And, of course, the corporate media has no real incentive to reveal Ameritrade's fuckup either.
    --
    Make sure everyone's vote counts: Verified Voting
  4. Just because firms haven't said they lost data by WillAffleckUW · · Score: 2, Interesting

    doesn't mean they haven't lost it, but failed to report it in such a way that the media passed it on.

    We're dealing with a very small subset of firms that have either been forced to admit, or have voluntarily admitted, data loss of customer records and personal data collected either with or without permission.

    The number of firms that haven't admitted it, but have had it happen, is a LOT bigger.

    --
    -- Tigger warning: This post may contain tiggers! --
  5. personal data protection == big sister by torpor · · Score: 3, Interesting

    the only solution is the eradication, entirely, of the notion of 'personal data'. by that, i mean: you personally should be recording everything, not just the company. both sides should have their full records, for there to be 'fairness'.

    until there is such a common, accepted, standardized practice, there will always be a mis-balance of corporate-Entity(knowledge of individuals) versus independent-Entity(knowledge of corporate state). the reason we hate big brother is because we have no control over him; we'd accept his conditions, if turnabout was enforced by the state, and we had just as much public oversight of government as 'it' does 'us'.

    from now on, simply record every single thing you do, anything that's a part of an agreement made with some company, yourself. save every single thing 'they' print you, put it in your system so that you data-mine them. use your digital prowess to record as much of your 'person->corporation' interaction as possible.

    do it for a year, and then see how you feel about corporate loss of data.

    it's an odd thing, but in fact total-awareness is the only solution to problems of individual privacy versus corporate responsibility. it's a wry old universe, doing the irony thing again..

    --
    ; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
  6. Ameritrade Customer Service by kid_wonder · · Score: 4, Interesting

    Just gave them a call to close my account and I must say that they (or at least the person I talked to) were well versed on the talking points from the press release.

    1) Blame third party
    2) Data is not lost, we just don't know where it is
    3) There has been no evidence of the data being used

    The woman I spoke with was pretty adamant about making these points and really tried to keep me from closing my account.

    I am not sure if this sort of revelation usually results in a significant loss of business or not, but it would appear they were well prepared to rebut people's concerns.

    --

    "Oh, you hate your job? There's a support group for that, it's called everyone, they meet at the bar."
  7. Re:Question by soconnor99 · · Score: 5, Interesting

    The data was encrypted. According to Ameritrade (my broker), special hardware is required to read the information, even if the tape was found.

    All this information was sent in a letter last week.

    As a customer, I feel it was nice for them to keep me in the loop, but I don't feel the least bit threatened.

    Pretty much every company I've ever worked for uses some sort of courier service to move backup tapes off site. If something happens with that courier, after every reasonable precaution was taken by Ameritrade (which it certainly appears it has), it's pretty much out of their control.

    They said what's happened, and what they think the exposure is. What else would you have them do, not send their backup tapes offsite?

  8. sheesh by tuxette · · Score: 2, Interesting

    1) Blame third party

    "I don't do business with companies that cannot and will not take responsibility for what happens to its personal data (or whatever else). In the end, you are where the buck stops. Not the shipping company that you contracted."

    2) Data is not lost, we just don't know where it is

    "If you don't know where it is, then it is..." *drumroll*

    3) There has been no evidence of the data being used

    "Not that you know of...or yet."

    --
    People say I'm crazy, I got diamonds on the soles of my shoes...
  9. Lost tapes by Viceman001 · · Score: 2, Interesting

    I lost our backup tapes once. I left them on top of my car when carrying them to the off site storage. Fortunately, or maybe unfortunately, when I went looking for them, I found that I had run over them. User data safe, 6 dds4 tapes destroyed, huge ulcer from worrying about server crash on the day of incident.

    --
    "It's not the despair, I can take the despair, it's the hope that's killing me!"
  10. Re:Responsibility by Reignking · · Score: 2, Interesting

    There is something specific for personal data that is used by financial institutions. It is called the Financial Modernization Act of 1999, aka Gramm-Leach-Bliley, aka GLB!

    As an example of the penalties:
    In November 2004, two companies were charged by the Federal Trade Commission (FTC) with violation of GLB for not having proper safeguards to protect customers' sensitive personal and financial information. One of those, Sunbelt Lending Services, agreed to a settlement that bars future violations of GLB and requires independent, biannual audits of its information security program for ten years.

    --
    One man's Funny is another man's Offtopic.
  11. Re:This story is Boring and Offtopic by geekoid · · Score: 2, Interesting

    never underestimate the amount of data that can be lost in the back of a truck.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  12. Re:Biggest data transport method by tompaulco · · Score: 2, Interesting

    You have it backwards. Cheap Bulk mail subsidizes first class mail. It's bulk, remember. It may be cheaper, but they send out thousands of them. Bulk rate minimum is 12 cents. It is usually more like 18 cents and can go up to almost 30 cents.
    In your situation, the mailman must come to your box, which takes time. In most cases, he must merely stop at the street. In many communities, regulations will not allow a house mounted mailbox on new construction. It must be on the street. The Postal service does not charge based on the "worst case" of having to go to the box, but on the average case which is a mix of the two. Apartments are even better because they can get hundreds of people's mail sorted out in maybe five minutes thanks to centralized mail facilities.
    The Post office must take into consideration good situations like an apartment building, with bad situations, such as rural routes with one house every mile. Unlike many other delivery companies, they offer the same rate for any mail delivery anywhere in the United States. Great if you like to send mail from New York to California, not so great if you are inviting people to a block party.
    The USPS makes money. The billions of pieces of bulk mail they send every year help us to enjoy reasonable first class stamp prices.

    --
    If you are not allowed to question your government then the government has answered your question.
  13. Re:deliberate reckless? bs by cprincipe · · Score: 2, Interesting

    I would rather think it is another example of corporations failing to effectively police themselves and the government having to step in. Free Enterprise would work like a dream if companies took responsibility for their actions - then governments wouldn't have any place to step in.

    --

    bun-fhuinneog agam!

  14. Re:Question by Greyfox · · Score: 2, Interesting
    Most IT companies out there don't really understand encryption and to learn how to do it would be "too hard." That's because most of them are managed by Barbie.

    For example, the various banks, credit card companies and other institutions that might E-mail you COULD adopt a policy of signing all messages with a PGP key, the public portion of which would be available on their web page. However if you compare the billions of dollars lost each year to the 20 minutes it'd take them to learn how to use PGP, you'll see that the billions of dollars is preferable since they typically don't pay it (It's either the customer, insurance or the taxpayer.)

    On a similar note, a lot of companies don't publish SPF records because the 5 minutes it takes to go to spf.pobox.com and enter your information in the wizard would distract the IT department from their ultra-important schedule of slashdot browsing (You know who you are.)

    And yes, the fact that these companies won't so much as lift a finger to contribute toward preventing fraud or protecting your data really pisses me off.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?