In an email Scottrade sent to customers on Monday 10/5/15, the brokerage firm indicated that it was the victim of a data breach that affected 4.6 million customers. What key lessons can be learned from this latest breach?
1) Network monitoring is not optional – and it needs to be done properly! This breach is believed to have occurred between late 2013 and early 2014. Scottrade had no idea they had been breached until they were notified by law enforcement this month. If Scottrade does have monitoring tools in place, it doesn’t sound like they were properly tuned or monitored (which is too often the case when monitoring is implemented strictly to check a compliance box).
2) Encryption can protect data even if you are breached. So far, it appears that the data accessed was client names and addresses. Social Security numbers and passwords were on the same platform but were encrypted; there has been no evidence that they were accessed, and no fraudulent account activity has been reported to date.
3) Breach costs add up FAST. Although it does not appear that sensitive customer data was stolen, Scottrade is offering a free year of credit monitoring to all affected customers. Add in the costs to investigate the breach, remediate any vulnerabilities that allowed the access, and the potential for lawsuits, and the costs could add up fast: