Retail brokerage Scottrade announced on Friday that it had suffered a data breach affecting 4.6 million customers. Hackers apparently stole client contact information.
“Based on our investigation and information provided by federal authorities, we believe the illegal activity involving our network occurred between late 2013 and early 2014, and targeted client names and street addresses,” the company said in a statement posted to its website. “Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident.”
Despite apparently believing that Social Security numbers were not compromised, the company said it will offer the 4.6 million affected customers identity theft protection services “as a precaution.”
“We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised,” the company said. “Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.”
Federal authorities, who notified Scottrade of the breach, are investigating similar thefts at “other financial services companies,” the company said, without disclosing the names of the other firms.
It is not uncommon for stolen contact information to be used by hackers in spam email and stock manipulation schemes. As independent cybersecurity reporter Brian Krebs details of a recent case:
In July 2015, prosecutors in Manhattan filed charges against five people — including some suspected of having played a role in the 2014 breach at JPMorgan Chase that exposed the contact information on more than 80 million consumers. The authorities in that investigation said they suspect that group sought to use email addresses stolen in the JPMorgan hacking to further stock manipulation schemes involving spam emails to pump up the price of otherwise worthless penny stocks.
For more on spam email, watch this video below.