Hackers Prey on Scottrade Clients, Penetrate Bank Lobbying Giant and Steal from T-Mobile Customers

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Crooks Home In on Scottrade Client Contact Info

The hackers appeared to want contact information even though the system that was penetrated contained Social Security numbers, email addresses and other sensitive data.

In August, the FBI informed the firm of the breach. 

Notifications were sent to current and former customers by email starting Oct. 2

Krebs on Security reports, "It may well be that the intruders were after Scottrade user data to facilitate stock scams, and that a spike in spam email for affected Scottrade customers will be the main fallout from this break-in."

Major Banking Lobby Discloses Hack, While Pushing to Regulate Retailer Cybersecurity

Attackers stole email addresses and passwords from visitors to the website of the American Bankers Association, the financial industry group that wants laws forcing retailers to improve data protection. 

The credentials "used to make purchases or register for events through aba.com’s shopping cart have been compromised,” the association wrote in an email to people who had used the online checkout system. “Like the banks we serve, ABA takes data security very seriously. We also recognize that despite significant security measures, breaches can and do occur.”

Unlike payment card breaches at retailers, this incident does not appear to have compromised consumer financial information. 

Did You Sign Up With T-Mobile In Recent Years? ID Thieves Know That and A Lot More

Intruders who hacked credit bureau Experian copied credit check information on T-Mobile customers. 

Anyone who applied for a regular T-Mobile USA postpaid plan between Sept. 1, 2013,and Sept. 16, 2015, might be affected. 

Experian said hackers broke into its computer system in September and accessed a computer server full of the information.

The bad guys took T-Mobile customer names, addresses, Social Security numbers, dates of birth and other identifying data (like driver's license, military ID or passport numbers.)

Crowdfunding Site Robbed of Donor Personal Information

Someone crept into Patreon, a website that allows people to automate donations to an artist or project. The attacker breached a "debug version" of the site that, at the time, was publicly accessible, the company says. 

Some registered names, email addresses and mailing addresses were accessed.

Compromised passwords, Social Security numbers and tax form information "remain safely encrypted with a 2048-bit RSA key," according to Patreon.

(Image via Mark Van Scyoc/Shutterstock.com)