Company sued over customer info theft
September 16, 2007
OMAHA, Neb. — Online brokerage TD Ameritrade Holding Corp. said Friday one of its databases was hacked and contact information for its more than 6.3 million customers was stolen.
A spokeswoman for the Omaha-based company said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken.
The company would not share many details of its investigation, including when the hack took place, because it is still looking into the theft and cooperating with investigators from the FBI, SEC, Financial Industry Regulatory Authority and local authorities.
But Ameritrade has known about the problem at least since late May when two of its customers sued the brokerage in federal court because they were receiving unwanted e-mail ads on accounts used only for Ameritrade.
The data on Ameritrade’s servers may have been vulnerable for an extended period of time dating back at least to last October, according to the lawsuit filed by lawyer Scott A. Kamber. The company said Friday the problem had recently been fixed.
The plaintiffs in the lawsuit had wanted the court to order Ameritrade to tell its customers about the data problem, but Ameritrade issued its release before a hearing could be held. The plaintiffs are also seeking damages and are trying to qualify as a class-action lawsuit.
“They preferred putting out a press release with their own language in it rather than have the court order them to put out a release with our language,” Kamber said.
Ameritrade officials did not immediately respond to a message left Friday afternoon with questions about the lawsuit.
Earlier in the day, Ameritrade spokeswoman Kim Hillyer said the company discovered the breach in its system during a routine review of complaints about e-mail ads.
“As soon as we found the issue and were able to stop it, we made plans to notify clients,” Hillyer said.