By Roma Luciw
August 28, 2007
Online broker TradeFreedom Securities Inc. has quietly notified an
unidentified number of its customers that a computer security breach has
compromised some of their personal information, potentially exposing
them to fraud.
In what it described as a follow-up to an Aug. 17 notice to clients, it
said in a Friday e-mail that it had finished its investigation into the
"recent unauthorized intrusion" of one of its computer systems.
"We have subsequently determined that, despite our security systems in
place at the time, this unauthorized intrusion has also resulted in the
compromise of some of your personal information," TradeFreedom said.
"This information is your name, social insurance number, city, province
and postal code."
Citing a continuing police investigation by the Sret du Qubec,
TradeFreedom president Bruce Seago said he could not release any details
about the nature or timing of the computer security breach.
"We are dealing with our customers on a case-by-case basis and
communicating directly with them based on how they have been impacted,
if at all, by this situation. Not all of our customers have been," he
said, adding that "not every single customer was impacted in the exact
TradeFreedom's investigation has not found any evidence that client's
accounts and assets have been compromised. "None of our customers have
suffered a financial loss as a result of this."
The online broker said it has deleted personal customer data from the
affected computer system, which it described as secondary and not the
one their clients trade on.
The Bank of Nova Scotia agreed to buy the Montreal-based firm on June
26, a deal that has not yet closed.
Colin McKay, a spokesman at the federal Office of the Privacy
Commissioner of Canada, said the commission is "concerned" with the
breach. "You would expect an online business, especially a securities
business, to have the highest level of security," he said.
TradeFreedom reported the incident to the commission last week. The
privacy commissioner is now waiting for more details on what exactly
happened and what steps the broker is taking to remedy the situation. So
far, one person has called about the breach.
"One complaint or one comment from a consumer is enough for us to start
looking into it and ask them for more information," Mr. McKay said.
"Depending on the information they give to us, we may very well launch a
commissioner-initiated complaint or investigation."
TradeFreedom's website had no mention of the security breach Monday,
although the client e-mail provided customers with a link to information
on how to minimize the risk of identity theft.
The company is also offering its customers a one-year subscription to an
electronic credit monitoring service.
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical
training and a dual-track security conference with keynote speakers
Lance Spitzner and Mikko Hypponen! - Book your seats today!