If I were running a financial-based startup, I'd be worried too. Large companies like Ameritrade have security departments that are more than 3-4x the size of some startups. It makes you really wonder if consumers will be taken aback by the whole thing.
I know I was. I had a unique e-mail for Datek, which got bought by TD Waterhouse then Ameritrade. Started getting the same spam in both my unique e-mail and my very private (at that time) personal e-mail that was a backup contact. Ameritrade refused to believe they were the problem despite the obvious signs.
Back in July 2006, I posted an entry on my blog (http://www.billkatz.com/node/77) and the comments showed a lot of people having the same problem. The most troubling aspect was their constant denial of the problem and the length of time it took to find the cause. Ameritrade said this in e-mails to their customers over a year ago:
"We thoroughly reviewed our systems and data sent to third parties with access to e-mail addresses and found no misuse or compromises of any of our systems or storage mediums for e-mail addresses. Additionally, after further review of our systems, there is no indication that your account information held with Ameritrade has been compromised. Please be assured that we regularly contract leading edge security firms to conduct network and application penetration tests to test the security of our network and web presence. We also employ a staff of full time employees solely dedicated to Information Security."
I too was afflicted by 1000s of spam messages resultant from this.
You know, maybe I need to brush up on my SEC regulatory knowledge, but it seems like sending billions of emails pumping up worthless penny stocks would be...seriously illegal. With so many offenses would it really be so hard for the FBI to see who's buying this crap before the spam goes out? You know...crunch the numbers and then maybe raid their computers? Just a thought.