NexusFi: Find Your Edge


Home Menu

 





AMP Trading data breach (70 gigs, ~100k files - customer data)


Discussion in Brokers

Updated
      Top Posters
    1. looks_one Big Mike with 9 posts (30 thanks)
    2. looks_two xplorer with 7 posts (5 thanks)
    3. looks_3 samsin78626 with 5 posts (0 thanks)
    4. looks_4 DeliberatingDinos with 4 posts (2 thanks)
      Best Posters
    1. looks_one Jigsaw Trading with 5 thanks per post
    2. looks_two Big Mike with 3.3 thanks per post
    3. looks_3 mattz with 3 thanks per post
    4. looks_4 rleplae with 3 thanks per post
    1. trending_up 29,442 views
    2. thumb_up 69 thanks given
    3. group 23 followers
    1. forum 54 posts
    2. attach_file 1 attachments




 
Search this Thread

AMP Trading data breach (70 gigs, ~100k files - customer data)

  #11 (permalink)
 
xplorer's Avatar
 xplorer 
London UK
Site Moderator
 
Experience: Beginner
Platform: CQG
Broker: S5
Trading: Futures
Posts: 5,944 since Sep 2015
Thanks Given: 15,447
Thanks Received: 15,291

@mattz

Thanks Matt,


The paramount question that is going to be in each of their customers' mind is: "has my data been accessed by unauthorized parties"?

Reply With Quote

Can you help answer these questions
from other members on NexusFi?
Futures True Range Report
The Elite Circle
Ninja Mobile Trader VPS (ninjamobiletrader.com)
Trading Reviews and Vendors
Build trailing stop for micro index(s)
Psychology and Money Management
Deepmoney LLM
Elite Quantitative GenAI/LLM
ZombieSqueeze
Platforms and Indicators
 
Best Threads (Most Thanked)
in the last 7 days on NexusFi
Get funded firms 2023/2024 - Any recommendations or word …
60 thanks
Funded Trader platforms
43 thanks
NexusFi site changelog and issues/problem reporting
24 thanks
GFIs1 1 DAX trade per day journal
22 thanks
The Program
19 thanks
  #12 (permalink)
 
sam028's Avatar
 sam028 
Site Moderator
 
Posts: 3,765 since Jun 2009
Thanks Given: 3,825
Thanks Received: 4,629

Online:
"Vickery reported that about 70GB of data had been sitting on the open web, consisting of roughly 97,000 files."



Quantslab View Post
Some body knows if that info was posted ONLINE o r into deepweb?


Success requires no deodorant! (Sun Tzu)
Follow me on Twitter Reply With Quote
Thanked by:
  #13 (permalink)
 
liquidcci's Avatar
 liquidcci 
Austin, TX
 
Experience: Master
Platform: ninjatrader, r-trader
Trading: NQ, CL
Posts: 866 since Jun 2011
Thanks Given: 610
Thanks Received: 1,091


This really bad. Unbelievable they would have things like passport scans that vulnerable.

"The day I became a winning trader was the day it became boring. Daily losses no longer bother me and daily wins no longer excited me. Took years of pain and busting a few accounts before finally got my mind right. I survived the darkness within and now just chillax and let my black box do the work."
Reply With Quote
  #14 (permalink)
 
Big Mike's Avatar
 Big Mike 
Manta, Ecuador
Site Administrator
Developer
Swing Trader
 
Experience: Advanced
Platform: Custom solution
Broker: IBKR
Trading: Stocks & Futures
Frequency: Every few days
Duration: Weeks
Posts: 50,399 since Jun 2009
Thanks Given: 33,175
Thanks Received: 101,541

Not sure if AMP has notified the SEC, NFA and FBI about the data breach. Here is what the NFA rule says that seems applicable to this event:

NFA Manual / Rules


Quoting 
Response and Recovery from Events that Threaten the Security of the Electronic Systems

Members should create an incident response plan to provide a framework to manage detected security events or incidents, analyze their potential impact and take appropriate measures to contain and mitigate their threat. Members should consider in appropriate circumstances forming an incident response team responsible for investigating an incident, assessing its damage and coordinating the internal and external response.

A Member should consider including in its incident response plan a description of how the Member will address common types of potential incidents (e.g., unauthorized access, malicious code, denial of service and inappropriate usage), including how it will communicate internally with an appropriate escalation procedure and externally with customers/counterparties, regulators and law enforcement. In addition, Members should consider providing details of any detected threats to an industry-specific information sharing platform such as FS-ISAC.

Mike

We're here to help: just ask the community or contact our Help Desk

Quick Links: Change your Username or Register as a Vendor
Searching for trading reviews? Review this list
Lifetime Elite Membership: Sign-up for only $149 USD
Exclusive money saving offers from our Site Sponsors: Browse Offers
Report problems with the site: Using the NexusFi changelog thread
Follow me on Twitter Visit my NexusFi Trade Journal Started this thread Reply With Quote
Thanked by:
  #15 (permalink)
 
Big Mike's Avatar
 Big Mike 
Manta, Ecuador
Site Administrator
Developer
Swing Trader
 
Experience: Advanced
Platform: Custom solution
Broker: IBKR
Trading: Stocks & Futures
Frequency: Every few days
Duration: Weeks
Posts: 50,399 since Jun 2009
Thanks Given: 33,175
Thanks Received: 101,541


sam028 View Post
Online:
"Vickery reported that about 70GB of data had been sitting on the open web, consisting of roughly 97,000 files."

The next question is, who else accessed the data prior to Vickery? I believe this is where the FBI gets involved to try and determine access.

Mike

We're here to help: just ask the community or contact our Help Desk

Quick Links: Change your Username or Register as a Vendor
Searching for trading reviews? Review this list
Lifetime Elite Membership: Sign-up for only $149 USD
Exclusive money saving offers from our Site Sponsors: Browse Offers
Report problems with the site: Using the NexusFi changelog thread
Follow me on Twitter Visit my NexusFi Trade Journal Started this thread Reply With Quote
  #16 (permalink)
 
xplorer's Avatar
 xplorer 
London UK
Site Moderator
 
Experience: Beginner
Platform: CQG
Broker: S5
Trading: Futures
Posts: 5,944 since Sep 2015
Thanks Given: 15,447
Thanks Received: 15,291


Big Mike View Post
The next question is, who else accessed the data prior to Vickery? I believe this is where the FBI gets involved to try and determine access.

Mike

Does the FBI get involved unless there is evidence of a crime committed or being committed?


I would have thought that this is in AMP's court, for them to engage a cybersecurity firm to understand what, if anything, was downloaded.

Reply With Quote
  #17 (permalink)
 DeliberatingDinos 
Seattle, Washington
 
Experience: Intermediate
Platform: Jigsaw; Custom tool; ToS
Broker: Stage5
Trading: ES, RT, NQ
Posts: 21 since Nov 2016
Thanks Given: 14
Thanks Received: 26


mattz View Post
. . . At this time, AMP is confident that there are no vulnerabilities on any of our servers. . . .

It's one thing to patch a leaking boat; it's a required step, obviously. But the bigger question has to do with the absolutely appalling and amateur data security procedures AMP must have. Anything sensitive should be encrypted, so that even if the boat springs a leak (or a hacker gets in, or a disgruntled employee steals data), the stuff that leaks out is effectively useless (unless the encryption is compromised, of course).

In other words, if they had followed even the simplest and most basic of security protocols, then even the compromise of their entire database would not result in the loss of reasonably usable PII. Even an amateurish effort would have been a monumental improvement. AMP clearly must have done far less than the bare minimum, when most clients would expect their financial institutions to not seek the bare minimum in security.

It's easy to blame the third-party IT company and their shoddy backup practices. Their incompetence is staggering, but that seems like the molehill compared to the mountain of AMP's mistake. That ignores the bigger issue that sensitive data was left unencrypted and then was being stored and transmitted; the blame for that lies solely in AMP's lap, and it's not clear from this email that that was addressed in any way, shape, or form.

Reply With Quote
  #18 (permalink)
 
Big Mike's Avatar
 Big Mike 
Manta, Ecuador
Site Administrator
Developer
Swing Trader
 
Experience: Advanced
Platform: Custom solution
Broker: IBKR
Trading: Stocks & Futures
Frequency: Every few days
Duration: Weeks
Posts: 50,399 since Jun 2009
Thanks Given: 33,175
Thanks Received: 101,541


xplorer View Post
Does the FBI get involved unless there is evidence of a crime committed or being committed?


I would have thought that this is in AMP's court, for them to engage a cybersecurity firm to understand what, if anything, was downloaded.

I am not sure what the legal requirements of AMP are.

I've seen prior breaches result in FBI investigations. Given the highly sensitive nature of the data contained in this breach, I would assume AMP would ask for all the resources available to them to determine who or if anyone else accessed this data prior to Chris.

They should also be forcefully resetting everyone's passwords to their portal systems, trading accounts, and anything else -- to ensure no one can use the plaintext passwords and login or place unauthorized trades.

AMP may have some sort of cyber insurance policy that would cover the costs involved in something like this. For example, if they choose to provide credit monitoring to all their customers to monitor for identity theft, or due to any legal action from customers.

Mike

We're here to help: just ask the community or contact our Help Desk

Quick Links: Change your Username or Register as a Vendor
Searching for trading reviews? Review this list
Lifetime Elite Membership: Sign-up for only $149 USD
Exclusive money saving offers from our Site Sponsors: Browse Offers
Report problems with the site: Using the NexusFi changelog thread
Follow me on Twitter Visit my NexusFi Trade Journal Started this thread Reply With Quote
  #19 (permalink)
 
xplorer's Avatar
 xplorer 
London UK
Site Moderator
 
Experience: Beginner
Platform: CQG
Broker: S5
Trading: Futures
Posts: 5,944 since Sep 2015
Thanks Given: 15,447
Thanks Received: 15,291


Big Mike View Post
I am not sure what the legal requirements of AMP are.

I think in cases like this it's more a matter of commercial common sense than just legal obligations. If I were AMP I would do my utmost to reassure my customers that no data theft took place or, if it did, minimising the potential ramifications.

Anything short of that and it would be reasonable to assume a large portion of my customer base take their business elsewhere.

Reply With Quote
Thanked by:
  #20 (permalink)
 DeliberatingDinos 
Seattle, Washington
 
Experience: Intermediate
Platform: Jigsaw; Custom tool; ToS
Broker: Stage5
Trading: ES, RT, NQ
Posts: 21 since Nov 2016
Thanks Given: 14
Thanks Received: 26



xplorer View Post
I think in cases like this it's more a matter of commercial common sense than just legal obligations. If I were AMP I would do my utmost to reassure my customers that no data theft took place or, if it did, minimising the potential ramifications.

Anything short of that and it would be reasonable to assume a large portion of my customer base take their business elsewhere.

I agree that commercial common sense here is of prime importance. What this breach shows more than anything else is AMP's attitude about data security. What is worth highlighting is that this kind of breach of this kind of unprotected sensitive data does not occur by mere negligence; it's enabled because of a complete disregard and lack of care about even basic security. This breach doesn't just show that AMP made a mistake; it shows that they must not have given the slightest care to data security; not the slightest care. I would not want to do business with a broker that had that kind of attitude about my sensitive data, no matter how much they apologize or mend their ways.

Reply With Quote




Last Updated on May 31, 2018


© 2024 NexusFi™, s.a., All Rights Reserved.
Av Ricardo J. Alfaro, Century Tower, Panama City, Panama, Ph: +507 833-9432 (Panama and Intl), +1 888-312-3001 (USA and Canada)
All information is for educational use only and is not investment advice. There is a substantial risk of loss in trading commodity futures, stocks, options and foreign exchange products. Past performance is not indicative of future results.
About Us - Contact Us - Site Rules, Acceptable Use, and Terms and Conditions - Privacy Policy - Downloads - Top
no new posts