Here's a statement of the obvious: The opinions expressed here are those of the participants, not those of the Mutual Fund Observer. We cannot vouch for the accuracy or appropriateness of any of it, though we do encourage civility and good humor.
After getting pinged by Schwab for quite awhile, I finally changed both my log in and password. Your note is a good reminder as to why this needed.
And....I just noticed something.....looking at our pictures, I see "Michigan" over "Ohio State". That is something you certainly don't see very often these days.
) we are coming for you...give us three years with our new coach.
My bf and I have had something strange happen with Schwab mobile. I am getting his trade notifications on my mobile. He usually uses his tablet to trade... we have tried to figure out why this is happening. Anyone have any ideas?
He deactivated the trade alerts. We hope that will end it. The next time he places a trade from his tablet, I'm going to be watching my phone to see if that worked. We still can't figure out how it happened in the first place. My cell number is nowhere on his account and vice versa.
) we are coming for you...give us three years with our new coach.
My bf and I have had something strange happen with Schwab mobile. I am getting his trade notifications on my mobile. He usually uses his tablet to trade... we have tried to figure out why this is happening. Anyone have any ideas?
And Scottrade still would like me to be a customer ???
An aside: @PRESSmUP and @little5bee I won't be swayed to change my avatar, cause it means and says too much about the world for me; but if I did change at this point, for sake of this conversation, I would have to "MSU" the avatar.
"The incident took place around late 2013 and early 2014."
WHY ARE WE JUST HEARING ABOUT THIS NOW!!!
They're a little slow on these things. I closed my Scottrade account a dozen years before that. Why am I hearing about this at all?
Scottrade sent me email saying that I should change my password, and that they would provide credit monitoring (as I'm sure "real" customers also received).
What are they doing keeping data from that long ago live in their database? It should have been archived offline, on some old dusty mag tape. (The account may not have been quite that old, but it feels like it.)
However, their system did let me change my long forgotten (literally) password. Can you say "barn door" and "horse"?
@msf You changed your PW from "barn door" to "horse"? That's hardly an improvement and rather strange. @Mark Why are you just hearing about it? Vairwy vairwy strict privacy laws!
probably not, or not much you can do as an individual. I suppose you could invest in the next boutique MF that invests in data breaches.
Not that anybody believes it, but, to believe that any online data can't or won't be hacked, is a bit insane. Every company is just one step away from being breached, hacked.
What would you do differently, if you used an online business or bank that was hacked?
How many times has experian, or acxiom (which probably has more personal info about you than any on-line banking account) been hacked. The unknown unknown.
That would be a known unknown - a question to which the answer is unknown. An unknown unknown would be where you don't even know the question. You know?
Vanguard just changed its security protocol to something I consider both less desirable and less secure. They had been prompting users with text and a security image, so that you were sure you weren't on a phishing page (e.g. if you'd misspelled the URL).
That's gone away - now you enter login and password on the same page. But if you want, when you try to login, they'll text you a code (good for 10 minutes) that you need to enter to complete the login. Either the first time you use a browser (cookies enabled), or every time you login (if cookies disabled or you configure your Vanguard account to require a texted password every time). The problem is that they do this after you've entered your login/password on a possibly phony page.
"Standard carrier message and data rates may apply." I don't want to get dinged every time I want to log in. Surely Vanguard could have automated sending the code via email as an option?
@Maurice: "Anyone know whether the insurance provided by Scottrade and its peers covers loses due to online theft?"
@msf - you said you received emails from Scottrade even though your accounts were closed years ago ?
I have 2 accounts there currently and I have received no information or emails from them whatsoever to this point.
Besides myself, has anyone else not received any email or notification from Scottrade?
Thanks
They are supposedly notifying people who had accounts at or before the time of the breach (late 2013, early 2014). If accounts are newer than that, it could explain the lack of email.
My concern is with a broker that doesn't ever take confidential information offline. Makes one wonder about the security of your grade school records. And it doesn't stop at death. SSA maintains a public Social Security Death Index with SSNs of people who have died. Hacking not required.
@msf - I opened my taxable and non-taxable IRA accounts at Scottrade back in 2011 and 2012 respectively. I have not received any email from them.
The only thing I noticed is when I logged in this afternoon, on the front web page and under "Important Messages" there was a link to Security Breach and to a general note to how sorry they are about the breach.
However, no email from them - even the accounts were opened in 2011 and 2012.
@clacy@learningcurve among the many possible reasons for not having received an e-mail re. the breach from Scottrade, at least we can rule out the reason being you are persons of little or no significance. (awwwh, xxxxx)
Finally got an email from ST today. This was curious to me:
"Federal authorities had requested that they be allowed to complete much of their investigation before we notified clients. In coordination with them, we are now able to alert you of this incident. We are fully cooperating with law enforcement in their investigation and prosecution of the criminals involved.
Notices like this one are being sent to all individuals and entities whose information was contained in the affected database, and we have included here information about steps you can take to protect yourself.
For the life of me I do not understand a nearly two year delay before informing those who may have been affected. Can you imagine the uproar if Target, for example, had waited 2 years to tell their customers.
I'm still wondering why my "information was [still] contained in the affected database" since I'd closed my account more than a dozen years ago.
The way the email is written, it sounds like Scottrade did not hold off long at the Fed's request. Which makes it all the more disturbing that Scottrade had to be informed by an outside agency of the breach, and that they didn't even know about it for so long:
"Federal law enforcement officials recently informed us that they’ve been investigating cybersecurity crimes involving the theft of information from Scottrade and other financial services companies. ...
"Based upon our subsequent internal investigation coupled with information provided by the authorities, we believe a list of client names and street addresses was taken from our system. "
Makes you wonder what other financial institutions haven't notified clients yet (or don't even know they've been compromised).
Guys, sometimes I wonder if everyone's identity is stolen anyways and we just creating news. I mean HTF do we know?
I already am registered with AllClear because me and my family members identity compromised by Anthem. And here is the kicker. I NEVER used Anthem. The breach was supposed to be for Anthem clients who used Blue Cross Blue Shield. I have never had BCBS insurance. It seems somehow, somewhere, we are connected to Anthem. I even called my current insurance company. They said they have no dealing with Anthem.
Why / How does Anthem even have my personal information then?
I've been Scottrade forever. I did receive email from them yesterday. IT claims, names and addresses compromised and not much else. the amount of snail mail spam I receive, who cares? My one question now is regarding AllClear. Do I need to separately request protection regarding Scottrade snafu when they are allegedly already monitoring suspicious activity regarding Anthem? The Scottrade email does say "no enrollment required" and I haven't received a written letter just email. Thinking I don't need to do anything. With anthem I received a letter in mail and I had to set things up.
Comments
And....I just noticed something.....looking at our pictures, I see "Michigan" over "Ohio State". That is something you certainly don't see very often these days.
sorry...couldn't help myself.
My bf and I have had something strange happen with Schwab mobile. I am getting his trade notifications on my mobile. He usually uses his tablet to trade... we have tried to figure out why this is happening. Anyone have any ideas?
The real problem is this occured in 2013 and 2014. WTF we hearing about this so early?
WHY ARE WE JUST HEARING ABOUT THIS NOW!!!
An aside: @PRESSmUP and @little5bee I won't be swayed to change my avatar, cause it means and says too much about the world for me; but if I did change at this point, for sake of this conversation, I would have to "MSU" the avatar.
HA - They can't steal it all ... Can they?
Scottrade sent me email saying that I should change my password, and that they would provide credit monitoring (as I'm sure "real" customers also received).
What are they doing keeping data from that long ago live in their database? It should have been archived offline, on some old dusty mag tape. (The account may not have been quite that old, but it feels like it.)
However, their system did let me change my long forgotten (literally) password. Can you say "barn door" and "horse"?
@Mark Why are you just hearing about it? Vairwy vairwy strict privacy laws!
@Maurice Maybe Hillary can offer some pointers.
uh, oh....shots fired!!
probably not, or not much you can do as an individual. I suppose you could invest in the next boutique MF that invests in data breaches.
Not that anybody believes it, but, to believe that any online data can't or won't be hacked, is a bit insane. Every company is just one step away from being breached, hacked.
What would you do differently, if you used an online business or bank that was hacked?
How many times has experian, or acxiom (which probably has more personal info about you than any on-line banking account) been hacked. The unknown unknown.
I have 2 accounts there currently and I have received no information or emails from them whatsoever to this point.
Besides myself, has anyone else not received any email or notification from Scottrade?
Thanks
Vanguard just changed its security protocol to something I consider both less desirable and less secure. They had been prompting users with text and a security image, so that you were sure you weren't on a phishing page (e.g. if you'd misspelled the URL).
That's gone away - now you enter login and password on the same page. But if you want, when you try to login, they'll text you a code (good for 10 minutes) that you need to enter to complete the login. Either the first time you use a browser (cookies enabled), or every time you login (if cookies disabled or you configure your Vanguard account to require a texted password every time). The problem is that they do this after you've entered your login/password on a possibly phony page.
"Standard carrier message and data rates may apply." I don't want to get dinged every time I want to log in. Surely Vanguard could have automated sending the code via email as an option?
@Maurice: "Anyone know whether the insurance provided by Scottrade and its peers covers loses due to online theft?"
Here's Scottrade's policy on covering online fraud, and Vanguard's.
My concern is with a broker that doesn't ever take confidential information offline. Makes one wonder about the security of your grade school records. And it doesn't stop at death. SSA maintains a public Social Security Death Index with SSNs of people who have died. Hacking not required.
The only thing I noticed is when I logged in this afternoon, on the front web page and under "Important Messages" there was a link to Security Breach and to a general note to how sorry they are about the breach.
However, no email from them - even the accounts were opened in 2011 and 2012.
Thanks
Accounts have been open with ST since mid 2000's
But, hey, it could have been worse; you could have been breached @ T-Mobile, via their credit check connection with Experian. (15M)
https://thehackernews.com/2015/10/experian-tmobile-hack.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+TheHackersNews+(The+Hackers+News+-+Security+Blog)&_m=3n.009a.1083.qp0ao05ps1.mcq
Just think of the juicy data they'd have about you with that one!
http://www.mutualfundobserver.com/discuss/discussion/comment/69664/#Comment_69664
and thought it was a unknown unknown. was corrected and told it was known unknown, but now it appears it is now a known known. perhaps we need a data breach category. but that would overwhelm the forum, with the number of security breaches per second. sb/s or sbps
"Federal authorities had requested that they be allowed to complete much of their investigation before we notified clients. In coordination with them, we are now able to alert you of this incident. We are fully cooperating with law enforcement in their investigation and prosecution of the criminals involved.
Notices like this one are being sent to all individuals and entities whose information was contained in the affected database, and we have included here information about steps you can take to protect yourself.
Information about this incident is available online at https://About.Scottrade.com/CyberSecurityUpdate, and we will update that web page if new data becomes available."
For the life of me I do not understand a nearly two year delay before informing those who may have been affected. Can you imagine the uproar if Target, for example, had waited 2 years to tell their customers.
I'm still wondering why my "information was [still] contained in the affected database" since I'd closed my account more than a dozen years ago.
The way the email is written, it sounds like Scottrade did not hold off long at the Fed's request. Which makes it all the more disturbing that Scottrade had to be informed by an outside agency of the breach, and that they didn't even know about it for so long:
"Federal law enforcement officials recently informed us that they’ve been investigating cybersecurity crimes involving the theft of information from Scottrade and other financial services companies. ...
"Based upon our subsequent internal investigation coupled with information provided by the authorities, we believe a list of client names and street addresses was taken from our system. "
Makes you wonder what other financial institutions haven't notified clients yet (or don't even know they've been compromised).
I already am registered with AllClear because me and my family members identity compromised by Anthem. And here is the kicker. I NEVER used Anthem. The breach was supposed to be for Anthem clients who used Blue Cross Blue Shield. I have never had BCBS insurance. It seems somehow, somewhere, we are connected to Anthem. I even called my current insurance company. They said they have no dealing with Anthem.
Why / How does Anthem even have my personal information then?
I've been Scottrade forever. I did receive email from them yesterday. IT claims, names and addresses compromised and not much else. the amount of snail mail spam I receive, who cares? My one question now is regarding AllClear. Do I need to separately request protection regarding Scottrade snafu when they are allegedly already monitoring suspicious activity regarding Anthem? The Scottrade email does say "no enrollment required" and I haven't received a written letter just email. Thinking I don't need to do anything. With anthem I received a letter in mail and I had to set things up.
Exactly.