In a press release, TD Ameritrade this morning confirmed reports that it has been informing customers of a potential security breach. The release does not confirm the figure of 6.3 million customers, but a company spokesperson did give that number to reporters in interviews. (Dark Reading, “TD Ameritrade Breach Affects 6.3M Customers.”)
It appeared that no SSNs, account numbers, or other information was stolen. So why is Ameritrade announcing it, and what can information security professionals learn from this?
First, it appears that Ameritrade is getting ahead of the story. Rather than have it dribble out by accident, they’re shaping the news by sending out a press release.
Second, they’re shaping their customer response. Rather than have customers hear about this from someone in a state with a broad disclosure notice and worry, “was I affected, too?”, they’re telling everyone. That allows them to appear proactive and caring, rather than reactive and hiding.
Third, they’ve probably kept costs way down by not paying a law firm to analyze their requirement to disclose under a variety of laws.
Finally, they were smart early, and separated their customer data from the deeply sensitive stuff, which was in a different database.
So what can someone who’s just been breached learn from this?
First, segment your data now. It pays off, probably more than a lot of products you might buy.
Second, when you encounter an incident, think about taking control of the situation, rather than letting the situation control you. Spending time planning for a variety of breaches will pay off, both for the companies that are ready, and for the leader who initiated the process.