
Ameritrade Customer Data Lost

CmdrTaco posted more than 9 years ago | from the it's-going-to-get-worse-before-it-gets-better dept.

Privacy 324

Rollie Hawk writes "Continuing the recent trend of customer data blunders in the news, Ameritrade has announced the loss of the personal data of up to 200,000 customers. The suspected cause is a routing error, but not the network kind. The online discount broker admitted that a backup tape of customer account data from 2000 to 2003 has been misplaced. They claim the cause is an error on the part of a shipping company. The tape was identified as missing in February, soon after being shipped. According to spokeswoman Donna Kush, nothing suspicious has been reported. Further blaming the shipping company, she explained that "this was not an Ameritrade Systems issue or a compromise of our technology. This was related to a third party vendor." It's doubtful that current and former customers with exploited information will care how this occurred. She further claimed that Ameritrade "has every reason to believe" that the tape has either been destroyed or is being held by the shipper. There's no word yet on how they arrived at this conclusion."


324 comments


fp? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12293521)

frostists pists

Data loss... or ... data collection? (4, Interesting)

rsborg (111459) | more than 9 years ago | (#12293529)

Maybe I'm wandering into tinfoil-hat territory here, but what's with this recent spate [slashdot.org] of customer [slashdot.org] data loss [slashdot.org] ? I mean, holy hell.. there's been something like several millions of records of customer data being reported as "lost" or "stolen" lately... is someone [epic.org] trying to collect data on everyone surreptitiously?

I mean, it's probably more likely that some law got passed in the past few years that's forcing companies to highlight all these incidents of compromised data, but it seems pretty spooky that we just recently hear about all these stories...

Re:Data loss... or ... data collection? (0)

Anonymous Coward | more than 9 years ago | (#12293567)

Heh. Even more amusing is the possibility that they are releasing just enough information to create the appearance that self-policing is "good enough". (Not that this will work...)

We don't know the full extent of what's going on, and this might be a calculated risk to keep it that way.

Rumsfeld (1)

smitty_one_each (243267) | more than 9 years ago | (#12293808)

The Unknown
As we know,
There are known knowns.
There are things we know we know.
We also know
There are known unknowns.
That is to say
We know there are some things
We do not know.
But there are also unknown unknowns,
The ones we don't know
We don't know.
http://slate.msn.com/id/2081042/ [msn.com]

Re:Data loss... or ... data collection? (0)

Anonymous Coward | more than 9 years ago | (#12293601)

You are right. There is a new law that forces companies to publish this info

Re:Data loss... or ... data collection? (5, Insightful)

stinerman (812158) | more than 9 years ago | (#12293606)

A comment on one of those stories considered that a lot of this data theft/loss has to do with the fact that many companies (Choicepoint) are collecting data on people who are not their customers. There is no incentive for those businesses to keep the data safe.

As far as customer data loss, it could be any number of factors. I think a lot of it has to do with lax security policy at some of these businesses. Perhaps after this round of scares, others will step up their security.

Re:Data loss... or ... data collection? (2, Insightful)

sellin'papes (875203) | more than 9 years ago | (#12293688)

This is possible. However, the Ameritrade privacy policy [ameritrade.com] states that they can share personal information of clients with non-affiliated businesses to improve quality of service. The only thing preventing this from happening is an option that clients can request to not have their information traded with non-affiliates. I don't see any reason to pretend to 'lose' customer data, when you simply sell it legally.

Re:Data loss... or ... data collection? (1)

Reignking (832642) | more than 9 years ago | (#12293714)

As a "financial institution", Gramm-Leach-Bliley requires that they safeguard their non-public information, and that any third parties that they use do the same.

Re:Data loss... or ... data collection? (5, Informative)

Daedala (819156) | more than 9 years ago | (#12293719)

This isn't a recent spate of customer data loss. It is, as you note, a recent spate of customer data loss reporting. It's mostly due to California Civil Code 1798, [harp.org] formerly known as State Bill 1386. Before we were just quietly leaking like a sieve; now we know we are.

Re:Data loss... or ... data collection? (4, Insightful)

jd (1658) | more than 9 years ago | (#12293754)

California did pass a law requiring the reporting of incidents. It is unclear if this has anything to do with the reports, other than these reports all came out afterwards.


At least two companies have increased initial estimates of data loss by an order of magnitude, which means at least one incident does indeed involve between one to two million records.


It is reasonable to assume that these companies are not any less concerned about security than others. If we assume, then, that these incidents are on a national basis rather than just in California, between fifty million to a hundred million records holding sensitive personal data are at risk or have been compromised. Between a third to a sixth of the entire population of the US.


At this point, the existing system is broken enough as to be unsafe. No matter what is done to it, up to a third of the population will remain at significant risk. That, to me, is unacceptable.


The "best" method may be to place a requirement that all future systems with confidential or sensitive data be locked down and secure, with extremely limited, controlled access. And 100% liability if standards are not met. After that legislation is in place, change the format of Social Security numbers to deliberately break all existing systems, forcing an upgrade.


Yeah, that's going to be a pain to a lot of businesses. But as the problem was caused by the deliberate recklessness of said businesses in the first place, it is hard to be too sympathetic.

Re:Data loss... or ... data collection? (1)

homer_ca (144738) | more than 9 years ago | (#12293866)

It's because of California's law requiring notification of these incidents. In the past this would never have been reported. The banks and brokerages would much rather keep these things quiet.

I would expect some congressional (0)

Anonymous Coward | more than 9 years ago | (#12293537)

action soon.

Re:I would expect some congressional (1)

ackthpt (218170) | more than 9 years ago | (#12293743)

In action soon.

There, that's better. Sure, they'll convene a committee of grandstanders, a taskforce of paper shufflers and a special investigative body of stern and concerned looking faces, but unless it's a 'right to life', 'let's put some mean git in the UN' or 'drilling for oil in Alaska' issue, don't expect any midnight oil burning.

Re:I would expect some congressional (0)

Anonymous Coward | more than 9 years ago | (#12293815)

LOLZ U R teh funniez! Bush is stooopid!

fp (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12293542)

fp

Re:fp (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12293634)

luser .. i got the fp

GNAA RULEZ

Question (4, Insightful)

elid (672471) | more than 9 years ago | (#12293544)

If date is being transported via a 3rd party carrier, wouldn't it make sense to encrypt the data first?

Re:Question (1, Redundant)

Rollie Hawk (831376) | more than 9 years ago | (#12293586)

Good point.

Re:Question (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#12293624)

Me too!!

Re:Question (0)

Anonymous Coward | more than 9 years ago | (#12293593)

Yes. Do you encrypt your backups before you ship them out? My company doesn't.

Re:Question (1, Insightful)

MyLongNickName (822545) | more than 9 years ago | (#12293643)

No. I'll tell you why. Encrypting takes money and time in order to set up procedures and train and implement.

There is no penalty for losing customer data other than bad press. And how many people really pay attention? Not too many.

Therefore, from a bottom line standpoint, it makes no business sense to take precautions.

I do not blame business. Business is out to make money. It is government's job to assign the real cost of carelessness back to the folks who allow the problems. I am not for big gov't regulation, but requiring disclosures of security procedures, and a penalty for each customer's data that is lost would get the attention of management quick.

Re:Question (3, Insightful)

TripMaster Monkey (862126) | more than 9 years ago | (#12293717)


Encrypting takes money and time in order to set up procedures and train and implement.

Just how much time, money, and training does it take to specify a session/encryption password in the backup dialog?

We encrypt all our backups. Not doing so is reckless, as backup copies are regularly sent via UPS to offsite storage facilities.

Re:Question (1)

lgw (121541) | more than 9 years ago | (#12293876)

Yup, you got it in one. You don't need cold-war encryption here, just enough security to prevent someone who receives the tape accidentally from learning that it's valuable. Any real backup software offers that level of protection (even if the data's not really encrypted).

Actual on-tape encryption would be even more valuable, and is trickling its way downmarket, but that's more about protecting yourself from malice than accident. It's also worth noting that if you use an encrypted filesystem, any decent backup software will back up the raw (still encrypted) files, which is another easy answer.

Re:Question (0)

Anonymous Coward | more than 9 years ago | (#12293704)

If date[sic] is being transported via a 3rd party carrier, wouldn't it make sense to encrypt the data first?

It would, which is why they did:
The spokeswoman also said the tapes weren't marked and the compressed data couldn't be accessed without special equipment. Ameritrade Loses 200,000 Client Files [nbc4.tv]

Re:Question (1)

TripMaster Monkey (862126) | more than 9 years ago | (#12293753)


Just where do you see the word 'encrypted' in that quote? I sure don't see it.

(I see the word 'compressed', but that's an entirely different word.)

Re:Question (1)

Trixter (9555) | more than 9 years ago | (#12293852)

I concur. I know many people who have reverse-engineered "unknown" compression schemes so compression != encryption.
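The distinction drawn in the comments above (compressed is not encrypted), as an added example that is not part of the original thread: a pre-shipment check that flags a backup image any recipient could read with stock tools. The record layout, the function names and the 7.5 bits/byte threshold are assumptions, and the "opaque" sample is hashed filler standing in for real ciphertext.

```python
import bz2
import gzip
import hashlib
import lzma
import math
import zlib
from collections import Counter

# Formats recognisable from their leading bytes, paired with the stdlib call
# that reverses them. None of these needs a key or any other secret.
KNOWN_COMPRESSION = [
    (b"\x1f\x8b", "gzip", gzip.decompress),
    (b"BZh", "bzip2", bz2.decompress),
    (b"\xfd7zXZ\x00", "xz", lzma.decompress),
]
DECODE_ERRORS = (OSError, EOFError, ValueError, zlib.error, lzma.LZMAError)

# Assumed cut-off: text and CSV sit well below it, ciphertext just under 8.
PLAINTEXT_ENTROPY_LIMIT = 7.5


def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())


def classify_backup(blob: bytes) -> dict:
    """Classify a backup image as plaintext, compressed-only or opaque.

    "opaque" only means no stock tool opened it; confirm real encryption
    from the backup job's configuration, since high entropy proves nothing.
    """
    for magic, name, decompress in KNOWN_COMPRESSION:
        if blob.startswith(magic):
            try:
                recovered = decompress(blob)
            except DECODE_ERRORS:
                continue  # magic bytes matched by chance; keep checking
            return {"verdict": "compressed-only", "format": name,
                    "recovered": recovered}
    try:  # raw zlib streams carry no distinctive magic, so just try them
        return {"verdict": "compressed-only", "format": "zlib",
                "recovered": zlib.decompress(blob)}
    except zlib.error:
        pass
    if shannon_entropy(blob) < PLAINTEXT_ENTROPY_LIMIT:
        return {"verdict": "plaintext", "format": None, "recovered": blob}
    return {"verdict": "opaque", "format": None, "recovered": None}


def constructed_records() -> bytes:
    """Constructed sample data: 200 fake account rows, no real values."""
    rows = ["account_id,name,ssn"]
    rows += [f"{1000 + i},Customer {i},000-00-{i:04d}" for i in range(200)]
    return "\n".join(rows).encode()


def stand_in_ciphertext(size: int = 4096) -> bytes:
    """Deterministic high-entropy filler standing in for real ciphertext."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))


if __name__ == "__main__":
    records = constructed_records()
    samples = {
        "raw dump": records,
        "gzip'd dump": gzip.compress(records),
        "stand-in ciphertext": stand_in_ciphertext(),
    }
    for label, blob in samples.items():
        result = classify_backup(blob)
        print(f"{label:20} entropy={shannon_entropy(blob):.2f} "
              f"verdict={result['verdict']} format={result['format']}")
```

The gzip'd dump scores far higher on entropy than the raw dump, yet it is recovered byte for byte without any secret, which is why the check tries the decompressors before it looks at entropy.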

Re:Question (0)

Anonymous Coward | more than 9 years ago | (#12293790)

...the compressed data couldn't be accessed without special equipment.

IE: Without a DAT drive.

Luckily.. (4, Funny)

ShaniaTwain (197446) | more than 9 years ago | (#12293546)

Luckily it was insured against loss and Ameritrade will be receiving a check for $100 dollars!

oh HooRay!

Re:Luckily.. (1)

grumpyman (849537) | more than 9 years ago | (#12293724)

Minus the shipping, handling and processing fee.

Re:Luckily.. (0)

Anonymous Coward | more than 9 years ago | (#12293765)

Is that for one hundred dollars dollars?

Re:Luckily.. (0)

Anonymous Coward | more than 9 years ago | (#12293823)

We regret to inform you that your check has been lost by the shipping company.

We have every reason to believe that the check is being held by the shipping company, once it has been recovered we will ship you a new check.

Thank you,

Ameritrade Customer Service.

actually.... (2, Insightful)

AviLazar (741826) | more than 9 years ago | (#12293547)

It's doubtful that current and former customers with exploited information will care how this occurred.

While I would be upset if this was my personal information, if Ameritrade did what they were supposed to do (as in ensuring the shipping company was a decent company) then I would not be so uptight about the situation. People like to scream, shout and vent. Shit happens. If someone was grossly at fault they should be flayed, if it was a pure accident (as such things happen) well it is what it is.

Re:actually.... (2, Interesting)

rsborg (111459) | more than 9 years ago | (#12293708)

People like to scream, shout and vent. Shit happens. If someone was grossly at fault they should be flayed, if it was a pure accident (as such things happen) well it is what it is.

Great, next time I lose some important info that could compromise someone else's credit security, I'll just claim it's an "accident" and that "Shit happens".

Seriously, people would care if they

  • knew what data had been lost (were they SSN/name combos? Trade information? Bank routing info for transfer?)
  • whether theirs had been affected
But they don't (currently) know... so of course they don't care... it's not clear what the impact is. And Ameritrade has every incentive to hide or destroy any evidence that reveals this. And, of course, the corporate media has no real incentive to reveal Ameritrade's fuckup either.

Re:actually.... (1)

AviLazar (741826) | more than 9 years ago | (#12293814)

No, you are taking my words out of context. Next time read, comprehend and try not to just spout words to attempt to make a point. Again to reiterate: "If someone was grossly at fault they should be flayed," See this is blaming and punishing the parties who showed negligence. Now to continue "if it was a pure accident (as such things happen) well it is what it is", see this shows that accidents happen and nobody is at fault. Such things could happen from glitches in the tracking system, mother nature, vandals/thieves, etc. While a company should try and minimize negative effects to their clients, bad things happen even when people take proper precautions.

Re:actually.... (1)

varmittang (849469) | more than 9 years ago | (#12293769)

I would think they would send someone who is an employee of Ameritrade to hand-deliver these tapes. Give them a bag full of tapes in a carry-on bag, send him to the destination by car or plane, drop off the tapes, come back for more if necessary. They have the money to do it, why not ensure that your customers' data doesn't exchange hands that are not a part of the company. To save a few dollars in the end, or end up on the news like this, which would you choose.

Re:actually.... (1)

AviLazar (741826) | more than 9 years ago | (#12293836)

Because, just like in other banking, companies hire transport services (like the armored car services you see on the street). Does this mean that things are ever 100% secure? NO....then again, Ameritrade - a company that does not specialize in transportation of goods in a secure fashion could hire their own people and do a job that is probably sub-par to say Brinks security systems. They hire specialists.

Re:actually.... (0)

Anonymous Coward | more than 9 years ago | (#12293820)

Ameritrade should be smacked around as much as possible. They deserve all the bad that comes their way, and likely a good deal more.

They didn't treat the data in a manner commensurate with its value. That was their choice. They wanted to gamble with other people's lives, because, hey, it's not their problem. You know what, fuck them. Empirically, they didn't do a good job ensuring that the company was decent. They don't have custody of their customers' data, and they suspect the offending company does, or at least knows what happened to it, and is LYING about it. And you know what, Ameritrade is responsible for that too. Poor decisions that hurt shareholders, customers and markets in the pursuit of bonuses divested from the running of their business are what Ameritrade's executives are all about. Every last one of them.

They have a responsibility to control risk. They actively chose not to. They plead to be absolved of responsibility because, "It's not a perfect world." Well no shit. And aren't we all glad that the engineers who designed the various bridges we all drove across today didn't have the same myopic outlook.

Everyone involved in the chain of failures should be shot in the face and raped by robots.

Not even encrypted ! (1, Redundant)

Flywheels of Fire (836557) | more than 9 years ago | (#12293551)

It was not encrypted, she added. [msn.com]

One ought to be more careful in this Post-9/11 [mithuro.com] world.

One Bart to rule them all. (0)

Anonymous Coward | more than 9 years ago | (#12293678)

If it's that important, maybe it shouldn't be entrusted to Puck from the Real World San Francisco.

Apparently, "there oughta be a Law." If everyone is going to turn around and say, "I didn't do it!" then the rest of the market needs a device to hold them accountable. Seriously, everyone in that chain of events DID do it. And in fitting "social darwinism" fashion, as any good economist would tell you, they should be destroyed utterly for their failures.

The dumbass executive who decided to use Ganja Security (A Fly-by-Nite subsidiary) probably got a giant bonus for "saving" Ameritrade so much money, instead of fired and sued. Likewise the company that lost the tape pandered to the stockholders how much money they saved by hiring illegal immigrants. It's called integrity, now it's dead, and it used to be America's competitive advantage.

Re:Not even encrypted ! (1)

Skyshadow (508) | more than 9 years ago | (#12293727)

FYI, your link's broken so I don't know if you were being serious/sarcastic/funny with that 9-11 comment.

Let's say "serious", though: It always amazes me how careless many companies are with their customers' personal data. Data left on insecure public servers, data loaded onto laptops or PDAs, data moved around in unencrypted formats, unerased hard drives put in the trash or shipped to recyclers, etc...

If you read the details of these data loss stories, you'll see that in 99.99% of the cases we *know* how to avoid these losses. There's nothing too incredibly new about maintaining data security. The same concepts that we used 15 years ago still apply today -- training your staff to resist social engineering, maintaining discipline in regards to data use, having sound policy in regards to physical security (including the trash, kids!) and using a little freakin' common sense.

So let me suggest *again* that the reason that these companies lose data is not because they *cannot* avoid it, but because they don't give two shits about it since there are exactly zero penalties for losing other people's personal data. I guarantee you that if the CEO had to sign a Sarbanes-Oxley style document each year certifying data integrity, you'd see these stories once in a blue moon. Why? Because when the higher-ups have some skin in the game, suddenly you start seeing attention paid and resources dedicated.

Until there's a measurable penalty for losing data, most companies are just going to continue losing it. After all, what do they care -- it's your data, not theirs.

Re:Not even encrypted ! (1)

Pope is a nazi (877519) | more than 9 years ago | (#12293737)

There is a group of mods who hate Flywheels of Fire [google.com]

His comment on RSS feeds was initially knocked down to -1 before some other mods came and picked it up and made it 5.

And now, a VERY important point has been knocked down as Redundant. But this fact is not mentioned elsewhere.

I think some Mods have a personal vengeance against Flywheels.

As for the point he makes, IT IS valid.

A company like Ameritrade should learn to encrypt their data. Especially in this post 9/11 world.

Re:Not even encrypted ! (0)

Anonymous Coward | more than 9 years ago | (#12293856)

You see that happen a lot these days. I don't really care about people's karma, but having good posts get forced down to -1 with the rest of the noise is really irritating.

I wish those troll-mods would just go back to playing with their own poop and leave the rest of us alone.

In Other News (5, Funny)

ackthpt (218170) | more than 9 years ago | (#12293560)

HOLLAND, MI (OOP) OSTG has revealed that member data for Slashdot.org, an online technical news site, has been compromised. "At first we thought it was only a network error, until we noticed trends in trolling and moderation making little sense," said Rob Malda, who goes by the nickname of CmdrTaco and was one of the site's founders. "Posts which were clearly uninformative, insightful or interesting were receiving high marks, while better pieces were completely ignored." Further, Malda indicated the loss may have been as high as 100,000 ids and passwords. Which in the wrong hands could tip the opinions of nerds and geeks the world over. In early hours of trading the NASDAQ plummeted 11% on the news and downtown Holland, Michigan was in flames as a mob of panicking and angry posters went on a rampage, before sating itself on chocolate covered espresso beans at the Rocky Peanut Company and pausing to "ooh and ahh" at shiny things in the local Radio Shack window or gaze longingly at the poster for the upcoming Star Wars: Episode III, Revenge of the Sith outside the local theater. Said Holland mayor, Albert H. McGeehan, "Well, isn't this a fine kettle of tulips!" At press time OSTG had not returned any calls on the matter.

Re:In Other News (0)

Anonymous Coward | more than 9 years ago | (#12293855)

Am I the only one who was reminded of the SimCity 2000 newspaper articles?

Yeah it's nasty but it is this stuff news ? (2, Informative)

Anonymous Coward | more than 9 years ago | (#12293562)

This is happening all the time now. Here's another:

http://news.bbc.co.uk/1/hi/business/4444477.stm [bbc.co.uk]

Re:Yeah it's nasty but it is this stuff news ? (1)

Spl0it (541008) | more than 9 years ago | (#12293738)

As I understand you, "Is this stuff news?", the answer being YES!@#%@#%#@.

If my data was stolen, I would want to be notified, and if a company I don't deal with or do deal with has lost data I want to know, for future business reasons of course. The last thing I want to do is sign up for a credit card or whatever with a company if they have security problems with customers again and again.

Not only is it news, but in most cases the companies involved should and deserve to have their name dragged through the gutters!

Nothing suspicious? (1, Insightful)

Digitaltodd (644535) | more than 9 years ago | (#12293564)

So, they lost the data and in transit the backup tape was lost. Hmmmm.....nothing suspicious to see here kids..please move along

Copy of Ameritrade Customer Data Lost (1)

ugmoe (776194) | more than 9 years ago | (#12293869)

So, they lost the data and in transit the backup tape was lost. Hmmmm.....nothing suspicious to see here kids..please move along

No - the only tape lost was the backup tape - Ameritrade has the original and current data.

So more specifically - the article should be titled "Copy of Ameritrade Customer Data Lost."

How much longer until personal data gets protected (2, Interesting)

Skyshadow (508) | more than 9 years ago | (#12293566)

Once again, let me suggest that it may be time to legislate significant penalties for companies and/or individuals who are careless with personal data.

Re:How much longer until personal data gets protec (1)

Reignking (832642) | more than 9 years ago | (#12293589)

There are. GLB (Safeguards Rule), FACTA (Disposal Rule)...

Re:How much longer until personal data gets protec (1)

Rude Turnip (49495) | more than 9 years ago | (#12293774)

Let me put on my Dr. Phil voice for a moment...So, how's that working for ya?

Re:How much longer until personal data gets protec (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12293597)

And they were careless in what way exactly?

Re:How much longer until personal data gets protec (0)

Anonymous Coward | more than 9 years ago | (#12293762)

They took a fairly complete image of their customers' personal data (aka, not broken up or disassociated in any way), copied it onto an easily mobile format, didn't encrypt it and gave it to a third party.

Let's see if you can spot the carelessness here.

Re:How much longer until personal data gets protec (0)

Anonymous Coward | more than 9 years ago | (#12293722)

Once again, let me suggest that it may be time to legislate significant penalties for companies and/or individuals who are careless with personal data.


Yes! Because more unenforced legislation similar to HIPAA will make all the difference. After all, leaking of personal medical records is now completely a thing of the past! Just because these laws tend to have loopholes [healthprivacy.org] up the wazoo shouldn't be any concern as long as the name of the law makes it sound like things will change.

Re:How much longer until personal data gets protec (0)

Anonymous Coward | more than 9 years ago | (#12293781)

Yes! Because more unenforced legislation similar to HIPAA will make all the difference. After all, leaking of personal medical records is now completely a thing of the past!

As someone whose company has spent many tens of millions of dollars on HIPAA compliance, I can't tell you how happy I am to hear it's not enforced! I can't wait to tell my boss! I'll bet I get a big raise this year for saving the company all that money!

Re:How much longer until personal data gets protec (1)

AK Marc (707885) | more than 9 years ago | (#12293835)

As someone whose company has spent many tens of millions of dollars on HIPAA compliance, I can't tell you how happy I am to hear it's not enforced! I can't wait to tell my boss! I'll bet I get a big raise this year for saving the company all that money!

Dear Troll,
When was the last time the HIPAA Special Agents dropped by to inspect your organization for compliance? Never? Then it is unenforced. Thanks for playing. You can collect your parting gift at the door.

personal data protection == big sister (3, Interesting)

torpor (458) | more than 9 years ago | (#12293768)

the only solution is the eradication, entirely, of the notion of 'personal data'. by that, i mean: you personally should be recording everything, not just the company. both sides should have their full records, for there to be 'fairness'.

until there is such a common, accepted, standardized practice, there will always be a mis-balance of corporate-Entity(knowledge of individuals) versus independent-Entity(knowledge of corporate state). the reason we hate big brother is because we have no control over him; we'd accept his conditions, if turnabout was enforced by the state, and we had just as much public oversight of government as 'it' does 'us'.

from now on, simply record every single thing you do, anything thats a part of an agreement made with some company, yourself. save every single thing 'they' print you, put it in your system so that you data-mine them. use your digital prowess to record as much of your 'person->corporation' interaction as possible.

do it for a year, and then see how you feel about corporate loss of data.

its an odd thing, but in fact total-awareness is the only solution to problems of individual privacy versus corporate responsibility. its a wry old universe, doing the irony thing again..

As an Ameritrade customer I'd be worried... (4, Funny)

Anonymous Coward | more than 9 years ago | (#12293573)

Thankfully, all my tech stocks have tanked and there are no more assets to attack. As a matter of fact, I'm more likely to get sued by identity thieves for ruining their reputations and credit ratings.

Biggest data transport method (1)

kpwoodr (306527) | more than 9 years ago | (#12293578)

I remember a while ago I heard that the largest data transport method was the US mail, and by a wide margin. Is this still the case? This may open up an entire new world to identity thieves, if it was not already open.

If we can't count on the companies who handle our money to protect our credit, who can we count on?

Re:Biggest data transport method (0)

Anonymous Coward | more than 9 years ago | (#12293696)

The US Mail is already an ID theft channel. Thieves will steal bills and credit card applications from mailboxes.

Sigh, a "federal offense" just ain't what it used to be.

Re:Biggest data transport method (1)

gr8_phk (621180) | more than 9 years ago | (#12293709)

" I remember a while ago I heard that the largest data transport method was the US mail, and by a wide margin."

I get more physical junk mail than spam, so I would say this is true. Cheap bulk mail is subsidised by more expensive important stuff. What's a stamp cost these days? 35 cents? What's bulk? 5 Cents? I've heard all the arguments that this is appropriate, but I just don't buy them. The cost of the postman coming to the box is far higher than any other portion of it, and he wouldn't have to stop 5 out of 6 days if not for the junk mail.

Compressed Data Secure? (2, Funny)

Anonymous Coward | more than 9 years ago | (#12293581)

My favorite:

"the missing back-up tape contained compressed data that would require very advanced computer systems to access."

http://money.cnn.com/2005/04/19/technology/ameritrade/

Note she did not say encrypted. Modern tape software is often intelligent enough to recognize not only its own compression algorithms, but also formats and algorithms used by other vendors. Maybe Ameritrade thinks they are one of the only companies in the world utilizing LTO, or maybe LTO-2?

Very advanced computer systems (0)

Anonymous Coward | more than 9 years ago | (#12293794)

I think they were referring to XP's built-in support for zip files.

Its not lost, its misplaced (1)

metoc (224422) | more than 9 years ago | (#12293584)

Technically someone is in possession of the tape until there is reason to believe otherwise.

News at 11, [insert company name here] loses data (5, Funny)

lxdbxr (655786) | more than 9 years ago | (#12293585)

At this point, I feel it would be useful to have a list of major companies which have not lost hundreds of thousands of customer records.

We could then refuse to do business with those companies on the grounds that they were obviously lying.

Re:News at 11, [insert company name here] loses da (1)

jd (1658) | more than 9 years ago | (#12293804)

I'm pretty sure Codependents Anonymous hasn't lost any personal data, lately. I'm also sure that they'd LOVE to take absolute control over everyone else's security. Hell, let them. They can't do any worse.

Ameritrade needs to fire their IT Director (2, Insightful)

ip_freely_2000 (577249) | more than 9 years ago | (#12293587)

"...Further blaming the shipping company, she explained that "this was not an Ameritrade Systems issue or a compromise of our technology. This was related to a third party vendor."

Ah, no.

This is squarely the problem of Ameritrade management. Protection and recovery of backup data rests squarely with IT. There should have been a detailed process done in conjunction with a reliable shipper to ensure protection ( or perhaps a private courier ) of the tape.

Yet another clueless corporation that has no sense of responsibility.

Re:Ameritrade needs to fire their IT Director (1)

The Good Reverend (84440) | more than 9 years ago | (#12293783)

Even a "reliable shipper" or private courier can lose something. Or do you think there are shipping companies out there who have never lost a package?

I agree the data probably should have been encrypted, but if this really was a shipping problem, I have a hard time blaming Ameritrade.

That makes sense now... (1)

krapper (447676) | more than 9 years ago | (#12293588)

So that's what is on that tape that my grandmother just received randomly from FedEx...

Not an issue? (1, Insightful)

yamla (136560) | more than 9 years ago | (#12293599)

What is she on? How is this not an issue? If the data had been properly encrypted, it could have been lost with no danger of the data falling into the wrong hands. Ameritrade decided the data was not worth encrypting, and then lost it.

Even if they couldn't be bothered to encrypt the data, they then shouldn't have shipped it the way they did. They should have shipped the data in a briefcase handcuffed to a trusted courier.

This is most definitely a failure, and a significant one at that. I am saddened that Ameritrade doesn't have the decency to own up to their mistakes. In Canada, they could be charged under the PIPED Act.

Re:Not an issue? (1)

bdcrazy (817679) | more than 9 years ago | (#12293842)

encrypted data falling into the wrong hands = no longer encrypted data.

American Century (2, Informative)

Rob the Bold (788862) | more than 9 years ago | (#12293602)

Got a letter last week from American Century that 2 PCs had been physically stolen from the American Century office containing account information -- names, addresses, balances, but no SSNs.

I have every reason to believe (1)

gh5046 (217974) | more than 9 years ago | (#12293618)

that the walkman I lost on my Grandmother's land (the several acres of it), when I was seven years old, is still there. Although she passed away several years ago and someone purchased the land for farming and has tilled the entire lot, I have every reason to believe that it's still there.

Well, at least I have every reason to believe that it was destroyed.

I'm an Ameritrade customer and I DO care how... (3, Insightful)

samdu (114873) | more than 9 years ago | (#12293625)

...about how the data was lost. It's a little bit difficult to get angry about a lost package in the shipping process. It happens. It's always going to happen. It's rare, though. I'd be a little pissed off if this was due to a network breach at Ameritrade. As it is, I'm not too concerned. So, yeah, it DOES matter how the data was lost.

Re:I'm an Ameritrade customer and I DO care how... (1)

Rollie Hawk (831376) | more than 9 years ago | (#12293669)

That's kind of like preferring to be raped over being murdered.

Re:I'm an Ameritrade customer and I DO care how... (1)

cowgoesmoo2004 (762366) | more than 9 years ago | (#12293756)

My name is in that file, and I care too.

Perhaps I'm missing something, but I see a lot of geeks griping about silly things. Other than bitching about a lack of encryption, there isn't much to bitch about here.

They should have picked a better shipper? I mean come on, even if you use FedEx, UPS and/or the USPS, you will eventually find that things get lost or stolen in transit. This is real life, stuff happens.

Lack of encryption though, the IT staff are incompetent to not realize that appropriate encryption should have been used -- unless they were shipping it to the government and had to follow precise braindead formatting and delivery specifications?

Re:I'm an Ameritrade customer and I DO care how... (0)

Anonymous Coward | more than 9 years ago | (#12293826)

They should have picked a better shipper? I mean come on, even if you use FedEx, UPS and/or the USPS

Over a bonded private courier who would babysit the package from beginning to end, and if anything happened to the package they'd be out lots of money and looking for a whole new career?

There's a reason why there are lots of small courier services. It's because they provide a better service than FedEx, UPS, or the USPS could ever dream of, even though that better service comes at a cost.

So basically, Ameritrade decided that tossing the tape in a box and handing it off to a shipping company and risking the chance that it would be lost was worth the $50 or so they saved per tape transfer to do it right.

Serves Ameritrade right... (0)

Anonymous Coward | more than 9 years ago | (#12293627)

...for using a Nigerian shipping company.

Not Ameritrade's Fault? (3, Insightful)

lbmouse (473316) | more than 9 years ago | (#12293659)

Further blaming the shipping company, she explained that "this was not an Ameritrade Systems issue or a compromise of our technology. This was related to a third party vendor."

No, it's an Ameritrade-picking-a-bad-vendor issue. It is still ultimately Ameritrade's fault.

Re:Not Ameritrade's Fault? (2, Insightful)

Xiver (13712) | more than 9 years ago | (#12293698)

I agree. If someone pays a $10 per hour janitor a few thousand dollars to swap out a backup tape from our server room, we are responsible in one way or another. After all we are stewards of the data.

Re:Not Ameritrade's Fault? (1)

TripMaster Monkey (862126) | more than 9 years ago | (#12293831)

At my company, custodians do not have the keys to the server room.

Of course, this means I have to clean up my own messes, but I'm fine with that, considering the alternative.

No Big Deal. (1)

torpor (458) | more than 9 years ago | (#12293677)

Just ask Israel for a backup.

An Epidemic? (4, Informative)

WhiteBandit (185659) | more than 9 years ago | (#12293690)

So I've been creating a list of all the major cases I've heard about in 2005. Nearly 1.3 million people have been affected so far this year. Of course now Slashdot won't let me post the information because I have "too few characters per line."

I originally posted an expanded version of this list on my blog [rockbandit.net] to start keeping track of everything.

Here is basically what it looks like:
Date: 04-18-2005
Name of Organization: Ameritrade
How: Lost backup tape with shipping agency
People Affected: 200,000
Link: http://money.cnn.com/2005/04/19/technology/ameritrade/ [cnn.com]

Date: 04-14-2005
Name of Organization: Polo Ralph Lauren - Mastercards
How: "Security Breach" - Hackers
People Affected: 180,000
Link: http://www.sfgate.com/cgi-bin/article.cgi?file=/n/a/2005/04/14/financial/f064639D31.DTL [sfgate.com]

Date: 04-08-2005
Name of Organization: San Jose Medical Group
How: Stolen Laptop
People Affected: 185,000
Link: http://www.sfgate.com/cgi-bin/article.cgi?f=/news/archive/2005/04/08/financial/f115753D39.DTL [sfgate.com]

Date: 03-29-2005
Name of Organization: UC Berkeley
How: Stolen Laptop
People Affected: 98,000
Link: http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2005/03/29/BAG3MBVSFH1.DTL [sfgate.com]

Date: 03-26-2005
Name of Organization: Northwestern University
How: "Security Breach" - Hackers
People Affected: 21,000
Link: http://www.chicagotribune.com/technology/chi-0503260274mar26,1,5138021.story?coll=chi-technology-hed&ctrack=1&cset=true [chicagotribune.com]

Anyway, this is definitely getting ridiculous and out of hand. And it seems we're pretty much helpless to control it as well. When are a lot of these companies going to stop requiring valuable information like social security numbers and such?

You're missing one.. (1)

EvilStein (414640) | more than 9 years ago | (#12293806)

http://www.firstcoastnews.com/news/georgia/news-article.aspx?storyid=35796

"ATLANTA (AP) -- D-S-W Shoe Warehouse officials estimate that thieves stole one-point-four million credit card numbers."

Re:An Epidemic? (0)

Anonymous Coward | more than 9 years ago | (#12293846)

I have accounts with Ameritrade. Just called them up, asked if my user data is stolen. Gentleman on the line claimed he has a list of stolen user data and he can look up by userid/account number. Hmmm.

Backup Tapes should always be encrypted (3, Insightful)

workerbeedrone (323535) | more than 9 years ago | (#12293702)

There is no excuse not to encrypt all backup tapes anymore where sensitive data is involved. There are appliance-style products out there specifically for encrypting tape backups, if you can't figure out another way. And I'm sure there are plenty of SW solutions also.

This kind of crap has been happening too often.
I hate to say we need a law, but we need a law.

Shoot the messenger (1)

ShineyMcShine (799387) | more than 9 years ago | (#12293703)

Just shoot the messenger. Age old solution.

Just because firms haven't said they lost data (2, Interesting)

WillAffleckUW (858324) | more than 9 years ago | (#12293710)

doesn't mean they haven't lost it, but failed to report it in such a way that the media passed it on.

We're dealing with a very small subset of firms that have either been forced to admit, or have voluntarily admitted, data loss of customer records and personal data collected either with or without permission.

The number of firms that haven't admitted it, but have had it happen, is a LOT bigger.

Ameritrade's pledge to you... (1)

krapper (447676) | more than 9 years ago | (#12293741)

"The trust of our clients is our most precious asset. Protecting your privacy and safeguarding your personal and financial information is one of our highest priorities."

Responsibility (3, Insightful)

derfel (611157) | more than 9 years ago | (#12293758)

I work for a company that designs and builds devices used in the medical industry. If we use a third party for hardware or software, we have to verify and vouch for that software. If a patient gets hurt because some 3rd party app did something wrong, the 3rd party doesn't get sued, we do. It should be the same for personal data. Ameritrade should have made sure the data was secure, whether it was in their hands or not. If anyone's identity gets stolen, or they get ripped off in any other way, Ameritrade should be liable for the loss plus damages! As should all of the other companies that are losing personal data.

Ameritrade Customer Service (4, Interesting)

kid_wonder (21480) | more than 9 years ago | (#12293792)

Just gave them a call to close my account and I must say that they (or at least the person I talked to) was well versed on the talking points from the press release.

1) Blame third party
2) Data is not lost, we just don't know where it is
3) There has been no evidence of the data being used

The woman I spoke with was pretty adamant about making these points and really tried to keep me from closing my account.

I am not sure if this sort of revelation usually results in a significant loss of business or not, but it would appear they were well prepared to rebut people's concerns.

FrOsMt pist (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12293795)

Spokeswoman? (0)

Anonymous Coward | more than 9 years ago | (#12293809)

Isn't that word just, like, wrong? Isn't the politically correct thing to do in the US to use gender-neutered (oops, gender-neutral) words, like spokesperson?

This is why... (1)

tomstdenis (446163) | more than 9 years ago | (#12293825)

You ***ENCRYPT*** [and authenticate] your backups.

So that even if you lose the media you don't leak the data...

Of course you have to be a Community College grad to figure that out.

I R SMRT!

Tom

And they never heard of encryption? (1)

Trixter (9555) | more than 9 years ago | (#12293829)

At a former financial employer, I didn't hesitate to put encryption into the backup system I designed for a particular product. You have to protect the data at every single failure point, including those of the "whoops, where did we put that tape?" kind.

Encryption expensive? (1)

mstansberry (872862) | more than 9 years ago | (#12293840)

One of these responses said that encryption is expensive, but from what I've heard it's really not. PKWare http://http//search390.techtarget.com/originalContent/0,289142,sid10_gci1079886,00.html [http] recently came out with compression/encryption software that I'm sure costs less than the lost business does.

Security analyst, Kevin Beaver: All that's needed is just basic security policies, procedures, and common sense safeguards. This is a level of security that far too many organizations have trouble attaining - if the average organization could just implement the basics, that is, reasonable security measures proportionate to the importance of the data and its associated risks - that's often more than enough.

You're Fired! (1)

standards (461431) | more than 9 years ago | (#12293845)

this was not an Ameritrade Systems issue or a compromise of our technology. This was related to a third party vendor.

The application development group still has a job! You're doing great!

The management that was involved in choosing the vendor has been sacked.

Those responsible for letting this leak into public view have been "reassigned", and will be terminated once the heat dies down.

FOR SALE (2, Funny)

jchawk (127686) | more than 9 years ago | (#12293848)

One tape backup tape. Appears to be functional, bought from local shipping company at auction. :-P

Still their fault... (0)

Anonymous Coward | more than 9 years ago | (#12293862)

They should have planned for a "shipping problem" with their data. Still inexcusable!

Blame the Janitor! (1)

kethel (752761) | more than 9 years ago | (#12293873)

I clean up a bank every night which also requires me to clean up their computer room. I see dozens of tapes laying around every night. I'm the first one to get accused of taking anything until they look at their video camera tapes.