Ameritrade has sent a notification to customers of a data breach that resulted from a hacker. In the process of investigating a spam issue, Ameritrade discovered rogue code in their systems, which allowed information to be retrieved by an external source.

The database containing the rogue code contained personally identifiable information for 6.3 million customers.

Ameritrade notified customers that their personal information was accessed, but as yet there are no details as to whether or not personal identity data was breached (in this case the concern was over Social Security numbers).

Information on client assets, user IDs, passwords and PIN numbers were not stored in the affected database.

This is Ameritrade’s third data breach in as many years, and their handling of this latest issue was much more more proactive than previous incidents. Notification has not been required at this stage, as identity data is not known to have been breached. However, this proactive approach goes a long way to restoring consumer confidence.

The Ameritrade advisory notes that no action is required of customers at this point.

Via InformationWeek (1, 2) ; Tags: ameritrade, data breach, data breach notification, hackers, it security, security, business security