While many seem to be accepting at face value the spam claim by TD Ameritrade about their data breach, SC Magazine is asking one of the tough questions. In his article, Jim Carr writes:
"Was TD Ameritrade, which revealed on Friday that contact information for 6.3 million customers was stolen from one of its databases, victimized by an attack from an insider?"
Carr quotes Phil Neray, Vice President at Guardium, who asserts:
"This has all the signs of an inside job... I would say it's highly likely that it was done by a privileged administrator within Ameritrade."
My point: the hard questions have to be asked and answered. And this is one of them. I learned this from my experience with IBM's data breach. When companies experience a data breach, they have to be forthcoming with answers to the tough questions to give their customers (and investors) some assurances of data security. In my experience, IBM didn't, and my confidence in IBM declined as a result.
Avoidance or reluctance to answer the tough questions means there's effectively no accountability... no oversight of the internal investigation. This leaves ID-theft victims wondering if anyone is telling them the truth, or the whole truth.