Security breach hits online brokerage

Security breach hits online brokerage
Security breach hits online brokerage 

By Roma Luciw
August 28, 2007

Online broker TradeFreedom Securities Inc. has quietly notified an 
unidentified number of its customers that a computer security breach has 
compromised some of their personal information, potentially exposing 
them to fraud.

In what it described as a follow-up to an Aug. 17 notice to clients, it 
said in a Friday e-mail that it had finished its investigation into the 
"recent unauthorized intrusion" of one of its computer systems.

"We have subsequently determined that, despite our security systems in 
place at the time, this unauthorized intrusion has also resulted in the 
compromise of some of your personal information," TradeFreedom said. 
"This information is your name, social insurance number, city, province 
and postal code."

Citing a continuing police investigation by the Sret du Qubec, 
TradeFreedom president Bruce Seago said he could not release any details 
about the nature or timing of the computer security breach.

"We are dealing with our customers on a case-by-case basis and 
communicating directly with them based on how they have been impacted, 
if at all, by this situation. Not all of our customers have been," he 
said, adding that "not every single customer was impacted in the exact 
same way."

TradeFreedom's investigation has not found any evidence that client's 
accounts and assets have been compromised. "None of our customers have 
suffered a financial loss as a result of this."

The online broker said it has deleted personal customer data from the 
affected computer system, which it described as secondary and not the 
one their clients trade on.

The Bank of Nova Scotia agreed to buy the Montreal-based firm on June 
26, a deal that has not yet closed.

Colin McKay, a spokesman at the federal Office of the Privacy 
Commissioner of Canada, said the commission is "concerned" with the 
breach. "You would expect an online business, especially a securities 
business, to have the highest level of security," he said.

TradeFreedom reported the incident to the commission last week. The 
privacy commissioner is now waiting for more details on what exactly 
happened and what steps the broker is taking to remedy the situation. So 
far, one person has called about the breach.

"One complaint or one comment from a consumer is enough for us to start 
looking into it and ask them for more information," Mr. McKay said. 
"Depending on the information they give to us, we may very well launch a 
commissioner-initiated complaint or investigation."

TradeFreedom's website had no mention of the security breach Monday, 
although the client e-mail provided customers with a link to information 
on how to minimize the risk of identity theft.

The company is also offering its customers a one-year subscription to an 
electronic credit monitoring service.

Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 

Site design & layout copyright © 1986-2015 CodeGods