
TD Ameritrade: Making Life Harder For Themselves

Sheesh… just when you think they’re over the hump, more details leak on the TD Ameritrade breach and they aren’t looking quite so competent anymore.

Network World has a good article up summarizing the latest developments. A few tidbits stand out:

The Ameritrade spokeswoman says the company believes no Social Security numbers have been taken because the only known illicit activity traceable to the breaches is spam, not identity theft.

There's a word for statements like this... bullshit! Just because they haven't traced any identity theft or other fraud to the SSNs in their database doesn't mean the numbers aren't sitting on some bad guy's hard drive someplace. If they determined that SSNs are not at risk because the specific malicious software involved was analyzed and limited itself to email, then that's one thing. But saying "nothing bad has happened so far, so nothing bad will ever happen" is stupid.

Folks, time for a reminder. This is all Crisis Communications 101: as history has shown, the best way to defend your reputation in a major incident is to admit the failing, spare nothing to protect your customers, and act as openly and honestly as possible. Otherwise we wouldn't have seen a bottle of Tylenol on a store shelf since the 1980s.

This:

The company says it will sign its customers up for the service on an exception basis - meaning they don't automatically get it - but it doesn't advertise this option in any of the literature it has put out concerning the data compromise.

is not putting your customers first.

The rest of us should learn from this; TD Ameritrade is now suffering more negative publicity than if they had come clean from the start.

I've moved our little poll on this to the sidebar, and will post the results on Monday. I'm starting to think it might be something other than SQL injection...

—Rich


Comments:

By Paul  on  08/05  at  09:09 PM

Has anyone had the misfortune to try to deal with these bozos?
Ask for a supervisor and you get some kid, probably first day on the job with no training, reading to you from a manual. At least when you call other companies and get Bangalore or Manila, they can claim an English barrier. Here it's an intellect barrier.

I am out of here.

By George Dok  on  10/01  at  11:33 PM

Is my money safe at Ameritrade? How are Ameritrade customers affected by the current financial crisis?

By rmogull  on  10/02  at  12:18 AM

The crisis is well beyond the predictions of this little security blog, but I don’t see any reason to pull out of TD Ameritrade if you are otherwise happy with their service. You can call them to see if your information was exposed and if you qualify for credit protection.
