Scottrade hack exposes the personal information of 4.6 million customers.

Scottrade reports a data breach

St. Louis-based Scottrade, a nationwide retail brokerage firm, recently announced that they were the victims of a data breach.

According to a post on their website, a federal investigation revealed that 4.6 million Scottrade accounts were compromised from late 2013 to early 2014.

What is unusual about this case is not only the fact that the breach first occurred roughly two years ago, but that Scottrade had no knowledge of the hack until they were informed by the Federal Bureau of Investigation (FBI).

"Federal law enforcement officials recently informed us that they've been investigating cybersecurity crimes involving the theft of information from Scottrade and other financial services companies," the company said in a statement.

In today's current cybersecurity climate, companies cannot afford to go that long without a noticing a breach in their network and be unaware of company data breaches for this significant amount of time, along with waiting too long to incorporate  a response in their disaster recovery planning process.

"The revelation isn't exactly confidence inspiring," wrote Engadget in their coverage of the story. "It suggests that the company's security measures weren't thorough enough to even detect the hacking attempt, let alone stop it."

The statement explains that the goal of the attack was to obtain customer contact information, particularly names and addresses. Although other sensitive information was contained in the compromised servers, including customer email addresses and Social Security numbers, it is not believed that this data was obtained.

In more positive news, financial information handled by the broker, including account passwords, client funds or Scottrade's internal trading platforms were not affected by the hack, the company stated. 

The company has reportedly closed the intrusion point and is in the process of working with the FBI, a private security firm and their own internal data forensics investigators for further research into the incident.