Online brokerage TD Ameritrade is warning customers today that some of their personal information, notably e-mail addresses, may have been accessed by an external source. Its handling of the situation shows there's some progress being made toward more proactive disclosure of security breaches.
In a letter to account holders (full disclosure: I received the letter), CEO Joe Moglia explains
While investigating client reports about the industry-wide issue of investment-related SPAM, we recently discovered and eliminated unauthorized code from our systems. This code allowed certain information stored in one of our databases, including e-mail addresses, to be retrieved by an external source.
Please be assured that UserIDs and passwords are not included in this database, and we can confirm that your assets remain secure at TD AMERITRADE.
He goes on to say the code was quickly eliminated and customer assets are protected