Photograph by Getty Images/iStockphoto

Scottrade data breach affects millions of customers

Oct 02, 2015

Retail brokerage Scottrade announced on Friday that it had suffered a data breach affecting 4.6 million customers. Hackers apparently stole client contact information.

"Based on our investigation and information provided by federal authorities, we believe the illegal activity involving our network occurred between late 2013 and early 2014, and targeted client names and street addresses," the company said in a statement posted to its website. "Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident."

Despite apparently believing that Social Security numbers were not compromised, the company said it will offer the 4.6 million affected customers identity theft protection services "as a precaution."

"We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised," the company said. "Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident."

Federal authorities, who notified Scottrade of the breach, are investigating similar thefts at "other financial services companies," the company said, without disclosing the names of the other firms.

It is not uncommon for stolen contact information to be used by hackers in spam email and stock manipulation schemes. As independent cybersecurity reporter Brian Krebs details of a recent case:

In July 2015, prosecutors in Manhattan filed charges against five people — including some suspected of having played a role in the 2014 breach at JPMorgan Chase that exposed the contact information on more than 80 million consumers. The authorities in that investigation said they suspect that group sought to use email addresses stolen in the JPMorgan hacking to further stock manipulation schemes involving spam emails to pump up the price of otherwise worthless penny stocks.

Other organizations that have announced recent security breaches, just as cyber security awareness month gets underway, include Experian, American Bankers Association, and Trump Hotels.

Subscribe to Data Sheet, Fortune’s daily business-tech newsletter.

For more on spam email, watch this video below.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions