Cyber Security Update

Federal law enforcement officials recently informed us that they’ve been investigating cybersecurity crimes involving the theft of information from Scottrade and other financial services companies. Based on our investigation and information provided by federal authorities, we believe the illegal activity involving our network occurred between late 2013 and early 2014, and targeted client names and street addresses.

Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident.

We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised. Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.

We have secured the known intrusion point and conducted an internal data forensics investigation on this incident with assistance from a leading computer security firm. We have taken appropriate steps to further strengthen our network defenses.

As a precaution, however, we directly notified and offered identity protection services to approximately 4.6 million clients whose information was in the targeted database. We take the security of the information entrusted to us very seriously and are fully cooperating with law enforcement in its investigation and efforts to bring the perpetrators to justice.

 

 

For Our Clients

We appreciate and value the trust you place in us. We are very sorry that this happened and for any uncertainty or inconvenience this has caused. We know that incidents like these are frustrating and we want to keep you informed about what our forensic investigation has revealed.

If your information was contained in the affected database, you have received a letter or email from Scottrade with additional information and resources.

We have secured the known intrusion point and conducted an internal data forensics investigation on this incident with assistance from a leading computer security firm. We have taken appropriate steps to further strengthen our network defenses.

If we learn new information, we will update this page.

Was I affected?
Current information indicates that the cybercriminals had unauthorized access to our network for a period of several months between late 2013 and early 2014.

If you had an account previous to February 2014, your information may have been accessed through this incident. We are directly notifying everyone whose information was contained in the affected database so they are aware of what happened.

How safe is my Scottrade account?
We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised. Based upon our internal investigation and information provided by the federal authorities, we believe a list of client names and street addresses was taken from our system.

Although Social Security numbers, email addresses or other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident. We have not seen any indication of increased fraudulent activity as a result of this incident.

Should I change my account password?
All client passwords remained encrypted at all times.

If you prefer to change your password, you may visit our Knowledge Center to learn more on updating your account. Periodically updating all passwords is an important way to stay safe online. You can learn more about staying safe online at our Security Center.

Are you offering identity theft protection?
Out of an abundance of caution and concern for affected clients, we offered a year of complimentary identity protection services through AllClear ID. The details of how to enroll in this service were included in the direct client notifications.

How can I keep myself safe online?
Cyber security attacks are on the rise not only for corporations, but also for individual financial information and home networks. All of us are in this together and we encourage you to visit our Security Center to review steps you can take to secure your information.

While you should be on the lookout for valid communications from us, please know that Scottrade will never send you any email or letter asking you for your account number, password or other private information. If you receive any correspondence requesting this information, it is fraudulent and we ask that you report it to us at phishing@scottrade.com.

 

 

Updated Dec. 1, 2016