OMAHA, Neb. - Online brokerage TD Ameritrade Holding Corp. said yesterday one of its databases was hacked and contact information for its more than 6.3 million customers was stolen.
A company spokeswoman said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken.
The company would not share many details of its investigation, including when the hack took place, because it is still looking into the theft and cooperating with investigators from the FBI, Securities and Exchange Commission, Financial Industry Regulatory Authority, and local authorities.
Ameritrade, based in Omaha, has known about the problem at least since late May, when two of its customers sued the brokerage in federal court because they were receiving unwanted e-mail ads on accounts used only for Ameritrade.
The data on Ameritrade's servers may have been vulnerable for an extended period of time dating back at least to October, according to the lawsuit filed by lawyer Scott A. Kamber. The company said yesterday the problem had recently been fixed.
The plaintiffs had wanted the court to order Ameritrade to tell its customers about the data problem, but Ameritrade issued its release before a hearing could be held. The plaintiffs are also seeking damages and are trying to qualify as a class-action lawsuit.
"They preferred putting out a press release with their own language in it rather than have the court order them to put out a release with our language," Kamber said.
Ameritrade officials did not immediately respond to a message left yesterday afternoon with questions about the lawsuit.
Earlier in the day, Ameritrade spokeswoman Kim Hillyer said the company discovered the breach in its system during a routine review of complaints about email ads.