Wednesday, September 26, 2007

Another Data Breach...

This time it's at Ameritrade, where 6.3 million customer records were compromised. Yesterday's DM News reported: Ameritrade lost 6.3 million names from database

"TD Ameritrade Holding Corporation, an online brokerage company, said one of its databases was hacked into and the personal information for more than 6.3 million customers was stolen. The company found malicious code in one of its databases."

These data breaches are happening all too often. In July, we posted about a data breach at Fidelity where a disgruntled employee stole over 2 million customer records.

Now, I do realize that it's extremely difficult to stop hackers and bad people (especially in-the-know employees). However, it's so important to the direct marketing industry that we nip this in the bud. If we intend to store customer information, we absolutely better ensure its safety. We need to invest in the right people, technology and practices to make it virtually impossible for the wrong people to access sensitive information.

If we don't do it, and do it now, I guarantee that some ambitious legislators will get involved. And, I think we all would agree that we don't need to work within more rules and legislation...


Ted Grigg said...

That's why TransUnion is allowing consumers to lock their credit reports. The other two reporting bureaus are looking into offering the same service to reduce identity theft.

If I understand it, this means that once locked, the credit bureau must get your explicit permission before divulging your credit information to any company.

More control must revert to the owner of the information. I think this type of restriction is a good thing. But companies know that this slows down, and even reduces, profit making opportunities for them.

Ron Shevlin said...

Suzanne -- I couldn't agree with you more, but I don't why you focus your comment on the "direct marketing industry".

First off, I don't think there are many -- if any -- people at TD Ameritrade who consider themselves to be in the direct marketing industry. I think they would think of themselves in the financial services industry, and that some of them may say they work in a direct or database marketing function.

But second, and more importantly, this is hardly a "marketing" problem. It's a problem for any firm that maintains personal information on its customers. In my eyes, this a lot more a technology problem than a marketing issue.

Suzanne Obermire said...

I'm all in favor of consumers accessing and having control over their credit reports. Having worked for many years at Experian, I appreciate the direction that access to one's own personal information is getting easier and easier--consumers have much more control about what is reported about them than we ever have in the past. Knowing what is on our credit file helps us understand when it is being abused (i.e.: identity theft or incorrect financial reporting). So, yes, Ted, I agree that even more control should be held by the owner of the personal info (the consumer).

Ron, I do understand that keeping data secure is a function of technology (and mindset) that impacts the financial services industry (and any other that collects lots of sensitive customer data). I've related this breach and the need to keep customer data secure to my industry, and that would be direct marketing :)

As you know, direct/database marketers are key users of customer data. We definitely can impact the need for secure data, even if it's just by bringing the importance of data security to our company leaders.