Brokerage firm says names and email addresses targeted Credit: Thinkstock In an email on Friday, brokerage firm Scottrade Inc., alerted customers to a data breach, which affected 4.6 million people.Scottrade learned about the problem after being contacted by the FBI. According to the email sent to customers, and a public notice, the authorities learned that Scottrade was compromised while investigating other data-theft cases.“If your information was contained in the affected database, you will receive a letter or email from Scottrade with additional information and resources. We have secured the known intrusion point and conducted an internal data forensics investigation on this incident with assistance from a leading computer security firm. We have taken appropriate steps to further strengthen our network defenses,” Scottrade told customers.The firm that was brought on to do the IR is unknown, but the top guess currently circles around the usual suspect – Mandiant/FireEye. The breach affects Scottrade customers who had accounts prior to February 2014, but investigators have determined that the breach took place between late 2013 and early 2014, so accounts that were created or maintained within that tine frame are at risk.“We have no reason to believe that Scottrade’s trading platforms or any client funds were compromised. Based upon our internal investigation and information provided by the federal authorities, we believe a list of client names and street addresses was taken from our system,” Scottrade explained. “Although Social Security numbers, email addresses or other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident. We have not seen any indication of increased fraudulent activity as a result of this incident.”Scottrade is using AllClear ID to handle the identity theft coverage.The company says the investigation is ongoing, but they’ll continue to cooperate with law enforcement.Scottrade also stressed a warning against Phishing, telling customers that official communications from the company would never ask about account numbers, passwords or other private information. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe