Incident: Hacker hits Troy Group's eCheck Secure service, affects customers of Scot Trade online brokerage

Incident: Hacker hits Troy Group's eCheck Secure service, affects customers of Scot Trade online brokerage

Thanks to Brian Krebs on Computer and Internet Security for pointing me to this story ...

One of the largest online brokerage houses in the United States has started informing a large group of its customers that a hacker has obtained access to information on customers of Troy Group's eCheck Secure service, which is used by a number of Scot's customers to settle their accounts. Scot is the fifth or sixth largest such service provider in the US. Customers received the following letter:

Scottrade:

November 11, 2005



Re: Alert for users of the eCheck Secure™ Service

Dear Customer:


We are contacting you to inform you that Scottrade has experienced a data security issue with the eCheck Secure™ service. Our records indicate that you have used eCheck Secure™ for the purpose of electronically moving funds from your bank to Scottrade. We will detail what we know about the situation and also what steps you should consider taking to safeguard your information.


On October 25, 2005, Troy Group Inc., the provider of the eCheck Secure™ service and other services to the financial services industry, reported to us that a computer hacker had compromised its eCheck Secure™ servers. As a result, some of your personal information, including your name, driver's license or state ID number, date of birth, phone number, bank name, bank code, bank number, bank routing number, bank account number and Scottrade account number may have been compromised. If you used your Social Security number as your driver's license or state ID number, your Social Security number may have been compromised as well. We do not know whether the hacker has actually accessed and/or used any of your personal information. However, Troy has notified us that it has blocked further unauthorized access to the information. The eCheck Secure™ service cannot be used to withdraw funds from your Scottrade account. Troy has filed a report with the FBI and is investigating in conjunction with a forensic analysis firm that it has retained. Scottrade has also contacted the FBI on this matter, and has a dedicated team to work on this issue and assist our customers who may have been affected.


We suggest taking the following steps for all your accounts that have eCheck Secure™ activated.


  1. Contact your local Scottrade branch office for additional information or to change your Scottrade account number. If it is not possible or convenient for you to contact your local Scottrade branch office, then you can reach our Service Center at 866-476-6500. Our Service Center is open Monday - Friday, 7 a.m. to 11 p.m. EST. Although this is not a situation where Scottrade's network was breached, you may, nevertheless, want to consider changing your Scottrade account number for additional protection.

  2. Remember to review your Scottrade account activity regularly and statement promptly. Report any suspicious activity to us.

  3. Although this was not an Internet security issue, you may want to change your Scottrade account access password periodically (a secure password that is easy for you to remember, but difficult for others to guess) by using our online change password process.

  4. Since your bank information could have been accessed, contact your bank immediately so it is aware of the situation and can monitor for unusual activity in your bank account.

  5. Review your bank activity and statements promptly to detect and prevent fraud. Look for transactions with strange payees or amounts you do not recognize. The more frequently you review your activity and statements, the easier it will be to detect suspicious transactions.

  6. If you use your Social Security number for your driver's license or state ID card, we strongly urge you to change your account number and place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. For more information on placing a fraud alert on your credit file, please see www.scottrade.com/security, a website that we have dedicated to this issue.



We are extremely sorry about this matter and will strive to rectify the situation to the best of our abilities. If you have any questions or concerns, please contact us, so we may be of assistance.

Sincerely,



Ellis Hough

Manager

Risk Management


I haven't heard of any other eCheck customers being notified.

at 6:05 PM
Labels: ,

0 comments:

Post a Comment

  • Health Care Reform Explained from B... Dan Roam at the Back of the Napkin Blog sums up the current health care reform effort in this four part health care series, Healthcare Napkins All. Great back of the...
  • Why We Need A Health Care Revolutio... Dr. Val Jones' road to revolution provides her personal perspective on the current state of our health care system and why we all need to work for change.Don't miss the...
  • The important lesson from sandcastl... As I return to West Virginia after a week spent at the beach -- this post by Jim Carrol, Futurist, Trends & Innovation Expert, caught my attention. Much of my week on...
  • A little Nick: I'm a liberal an... Law blogger posts online: Don't miss reading this post by my favorite hospital blogging CEO, Nick Jacobs over at Nick's Blog. Much of what Nick has to say strikes a chord with me and this post is...
  • Executive Order Impacts Health Care... Law blogger posts online: President Bush signed an Executive Order on August 22 requiring federal agencies to do more to inform public health care consumers about the cost and quality of health...
  • eHealthWV: West Virginia EHR Public... Law blogger posts online: As a part of West Virginia's participation in the Health Information Security and Privacy Collaborative (HISPC), West Virginia Medical Institute and its partners launch...
  • Physicians vs. Patient: Rating-Perm... Interesting post from the WSJ Health Blog on Medical Justice's new ratings-permission contracts (press release on service).This new service offered by Medical Justice...
  • Just when you thought it was safe: ... Law blogger posts online: I’ve blogged previously about just how much I hate browser toolbars and nothing much has changed in the four years that have passed. Call me nosey, but when I’m...
  • Governor Manchin Approves Cardiac C...The West Virginia Health Care Authority website indicates today that Governor Manchin approved the final revised certificate of need Cardiac Catheterization Standards.
  • A Law Actually Interview with… Litt... Next up in the interview chair is Gemma from Little Tiny Pieces. Little Tiny Pieces is an interesting name?  What it inspired it; does it have any hidden meanings?...
  • Let the voting commence!... Law blogger posts online: Yes, after two long weeks of nominations, the shortlist for the 2010 Blawggies has been decided and voting for the awards can officially begin! The polls will remain...
  • Is blogging good for your health?... Law blogger posts online: Is blogging good for your health?This Boston Globe article, Cancer blogs become part of treatment, indicates that blogging about your condition has a positive impact.The...
  • ADVANCE Magazine - Article on EHRs ... Recently I was interviewed for an article looking at the legal issues involved in the developing world of EHRs and PHRs written by Beth Walsh for ADVANCE Magazine. The...