September 14th, 2007

Ameritrade admits to security breach

I've written a few times about my Ameritrade email addresses being leaked. I got this today:

Subject: Important information about your TD AMERITRADE account


September 14, 2007

You do not need to make any changes to your TD AMERITRADE accounts or to
change the way you do business with us.
Dear (me),

Let me tell you why I am sending you this email. While investigating client
reports about the industry-wide issue of investment-related SPAM, we recently
discovered and eliminated unauthorized code from our systems. This code
allowed certain client information stored in one of our databases, including
email addresses, to be retrieved by an external source.

Please be assured that UserIDs and passwords are not included in this
database, and we can confirm that your assets remain secure at TD AMERITRADE.

What we want you to know:

* Once we discovered the unauthorized code, we took immediate action to
eliminate it. We are confident that we have identified the means by which
the information was accessed and have taken appropriate steps to prevent
this from reoccurring.
* You continue to be covered by our Asset Protection Guarantee, which
protects you and your assets from any unauthorized activity that may occur
in your account through no fault of your own. If you lose cash or
securities as a result of such activity, we will reimburse you for the
cash or shares of securities you lost.

While Social Security Numbers are stored in this particular database, we have
no evidence to establish that they were retrieved or used to commit identity
theft. To further protect you, we have hired ID Analytics, which specializes
in identity risk, to investigate and monitor potential identity theft. ID
Analytics provides identity risk services to many of the country's largest
banks and telecommunication companies, as well as government agencies.
Following its initial evaluation, ID Analytics found no evidence of identity
theft as a result of this data breach. We will retain its services on an
ongoing basis to support your TD AMERITRADE accounts and to monitor for
evidence of identity theft. We will alert and advise you if any is found. As
always, we encourage you to remain alert in guarding your personal
information, regularly review your account statements and monitor your credit
activity from the major reporting agencies.

For more information on protecting yourself against the possibility of
security threats, please visit our online Security Center.

We sincerely apologize to you for this situation and want to assure you that
protecting the security and privacy of your assets and information remains a
top priority. We have made and will continue to make significant investments
in security software, systems and procedures, and we will remain vigilant
about protecting you.

We want to answer any questions and address any concerns that you may have
about this matter. For more information, including a list of Frequently Asked
Questions (FAQs) and an additional message from me, please go to
or contact Client Services. Please note that we are anticipating increased
call volume during this period, which may lead to long wait times. We
encourage you to review the FAQs and, if you have a question, to log on to
your account and send us a secure email. Once again, please be assured that
your assets are secure at TD AMERITRADE.

Joe Moglia

TD AMERITRADE understands the importance of protecting your
privacy. We are sending you this notification to inform you of
important information regarding your account. If you've elected
to opt out of receiving marketing communications from us, we will
honor your request to unsubscribe from future emails now.

trademark jointly owned by TD AMERITRADE IP Company, Inc. and The
Toronto-Dominion Bank. (c) 2007 TD AMERITRADE IP Company, Inc.
All rights reserved. Used with permission.

Distributed by: TD AMERITRADE, Inc., 1005 North Ameritrade Place,
Bellevue, NE 68005

Given that this has been happening for a year now, I'm less than impressed by the whole thing. Oh yeah... your social security number was in the breached database, but don't worry about that at all. Mmmm hmmm.