3 Key Lessons From the Scottrade Data Breach


In an email Scottrade sent to customers on Monday 10/5/15, the brokerage firm indicated that it was the victim of a data breach that affected 4.6 million customers. What key lessons can be learned from this latest breach?

1) Network monitoring is not optional – and it needs to be done properly! This breach is believed to have occurred over a period spanning from late 2013 to early 2014. Scottrade had no idea it had been breached until it was notified by law enforcement this month. If Scottrade does have monitoring tools in place, it doesn’t sound like they were properly tuned or watched (which is too often the case when monitoring is implemented strictly to check a compliance box).

2) Encryption can protect data even if you are breached. So far, it appears that the data accessed was client names and addresses. Social Security numbers and passwords were on the same platform, but they were encrypted; there has been no evidence that they were accessed, and no fraudulent account activity has been reported to date.

3) Breach costs add up FAST. Although it does not seem that sensitive customer data was stolen, Scottrade is offering a free year of credit monitoring to all affected customers. Add in the costs to investigate the breach, remediate any vulnerabilities found that allowed the access, and the potential for lawsuits, and the costs could add up fast:

Foresite admin