

AMP Trading data breach (70 gigs, ~100k files - customer data)
Updated: Views / Replies:11,007 / 51
Created: by Big Mike Attachments:1


  #11 (permalink)
xplorer

@mattz

Thanks Matt,


The paramount question that is going to be in each of their customers' minds is: "has my data been accessed by unauthorized parties?"

  #12 (permalink)
sam028

Quantslab View Post
Somebody knows if that info was posted ONLINE or into deepweb?

Online:
"Vickery reported that about 70GB of data had been sitting on the open web, consisting of roughly 97,000 files."


Success requires no deodorant! (Sun Tzu)
  #13 (permalink)
liquidcci


This is really bad. Unbelievable they would have things like passport scans that vulnerable.

"The day I became a winning trader was the day it became boring. Daily losses no longer bother me and daily wins no longer excited me. Took years of pain and busting a few accounts before finally got my mind right. I survived the darkness within and now just chillax and let my black box do the work."
  #14 (permalink)
Big Mike

Not sure if AMP has notified the SEC, NFA and FBI about the data breach. Here is what the NFA rule says that seems applicable to this event:

NFA Manual / Rules


Quoting 
Response and Recovery from Events that Threaten the Security of the Electronic Systems

Members should create an incident response plan to provide a framework to manage detected security events or incidents, analyze their potential impact and take appropriate measures to contain and mitigate their threat. Members should consider in appropriate circumstances forming an incident response team responsible for investigating an incident, assessing its damage and coordinating the internal and external response.

A Member should consider including in its incident response plan a description of how the Member will address common types of potential incidents (e.g., unauthorized access, malicious code, denial of service and inappropriate usage), including how it will communicate internally with an appropriate escalation procedure and externally with customers/counterparties, regulators and law enforcement. In addition, Members should consider providing details of any detected threats to an industry-specific information sharing platform such as FS-ISAC.

Mike

Due to time constraints, please do not PM me if your question can be resolved or answered on the forum.

Need help?
1) Stop changing things. No new indicators, charts, or methods. Be consistent with what is in front of you first.
2) Start a journal and post to it daily with the trades you made to show your strengths and weaknesses.
3) Set goals for yourself to reach daily. Make them about how you trade, not how much money you make.
4) Accept responsibility for your actions. Stop looking elsewhere to explain away poor performance.
5) Where to start as a trader? Watch this webinar and read this thread for hundreds of questions and answers.
6) Help using the forum? Watch this video to learn general tips on using the site.

If you want to support our community, become an Elite Member.

  #15 (permalink)
Big Mike


sam028 View Post
Online:
"Vickery reported that about 70GB of data had been sitting on the open web, consisting of roughly 97,000 files."

The next question is, who else accessed the data prior to Vickery? I believe this is where the FBI gets involved to try and determine access.

Mike

  #16 (permalink)
xplorer


Big Mike View Post
The next question is, who else accessed the data prior to Vickery? I believe this is where the FBI gets involved to try and determine access.

Mike

Does the FBI get involved unless there is evidence of a crime committed or being committed?


I would have thought that this is in AMP's court, for them to engage a cybersecurity firm to understand what, if anything, was downloaded.

  #17 (permalink)
Elite Member
Seattle, Washington
 

Saving a boat: Pump the water out or patch the leaks?


mattz View Post
. . . At this time, AMP is confident that there are no vulnerabilities on any of our servers. . . .

It's one thing to patch a leaking boat; it's a required step, obviously. But the bigger question has to do with the absolutely appalling and amateur data security procedures AMP must have. Anything sensitive should be encrypted, so that even if the boat springs a leak (or a hacker gets in, or a disgruntled employee steals data), the stuff that leaks out is effectively useless (unless the encryption is compromised, of course).

In other words, if they had followed even the simplest and most basic of security protocols, then even the compromise of their entire database would not result in the loss of reasonably usable PII. Even an amateurish effort would have been a monumental improvement. AMP clearly must have done far less than the bare minimum, when most clients would expect their financial institutions to not seek the bare minimum in security.

It's easy to blame the third-party IT company and their shoddy backup practices. Their incompetence is staggering, but that seems like the molehill compared to the mountain of AMP's mistake. That ignores the bigger issue that sensitive data was left unencrypted and then was being stored and transmitted; the blame for that lies solely in AMP's lap, and it's not clear from this email that that was addressed in any way, shape, or form.

  #18 (permalink)
Big Mike


xplorer View Post
Does the FBI get involved unless there is evidence of a crime committed or being committed?


I would have thought that this is in AMP's court, for them to engage a cybersecurity firm to understand what, if anything, was downloaded.

I am not sure what the legal requirements of AMP are.

I've seen prior breaches result in FBI investigations. Given the highly sensitive nature of the data contained in this breach, I would assume AMP would ask for all the resources available to them to determine who or if anyone else accessed this data prior to Chris.

They should also be forcefully resetting everyone's passwords to their portal systems, trading accounts, and anything else -- to ensure no one can use the plaintext passwords and log in or place unauthorized trades.

AMP may have some sort of cyber insurance policy that would cover the costs involved in something like this. For example, if they choose to provide credit monitoring to all their customers to monitor for identity theft, or due to any legal action from customers.

Mike

  #19 (permalink)
xplorer


Big Mike View Post
I am not sure what the legal requirements of AMP are.

I think in cases like this it's more a matter of commercial common sense than just legal obligations. If I were AMP I would do my utmost to reassure my customers that no data theft took place or, if it did, minimising the potential ramifications.

Anything short of that and it would be reasonable to assume a large portion of my customer base take their business elsewhere.

  #20 (permalink)
Elite Member
Seattle, Washington
 



xplorer View Post
I think in cases like this it's more a matter of commercial common sense than just legal obligations. If I were AMP I would do my utmost to reassure my customers that no data theft took place or, if it did, minimising the potential ramifications.

Anything short of that and it would be reasonable to assume a large portion of my customer base take their business elsewhere.

I agree that commercial common sense here is of prime importance. What this breach shows more than anything else is AMP's attitude about data security. What is worth highlighting is that this kind of breach of this kind of unprotected sensitive data does not occur by mere negligence; it's enabled because of a complete disregard and lack of care about even basic security. This breach doesn't just show that AMP made a mistake; it shows that they must not have given the slightest care to data security; not the slightest care. I would not want to do business with a broker that had that kind of attitude about my sensitive data, no matter how much they apologize or mend their ways.
