AMP Trading data breach (70 gigs, ~100k files - customer data) - Reviews of Brokers and Data Feeds | futures io social day trading


AMP Trading data breach (70 gigs, ~100k files - customer data)
Updated: Views / Replies:14,460 / 54
Created: by Big Mike Attachments:1


  #51 (permalink)

Thanks @Hood interesting email.

Made me wonder, has the security company that identified the weakness, while proclaiming to be helpful, actually committed a crime themselves?

Reply With Quote
The following user says Thank You to SMCJB for this post:
 
  #52 (permalink)


SMCJB View Post
Thanks @Hood interesting email.

Made me wonder, has the security company that identified the weakness, while proclaiming to be helpful, actually committed a crime themselves?

It for sure fuels the business of security & legal consultants,
it is not a wake-up call.
I have been in this business (built a security scan lab for a big payment scheme)
(at that time I was CISA/CISSP/GIAC)

You have:
- script kiddies
- wannabes
- minimal guys
- industry standard guys
- the top of the top (you fall off your chair)

One day I was asked to investigate an incident, how an external party could
have reconstructed a complex administrator password, in under 48 hours...
(logs showed it was even more like instantaneous...)
(which excludes brute force) Once you know the answer it's easy

To some extent, it's like trading...

This reminds me of a famous quote from one of my mentors:
"If you see somebody swimming in a problem, let him swim..."

The quote is 30 y/o, but still valid...

Reply With Quote
The following 3 users say Thank You to rleplae for this post:
 
  #53 (permalink)


RELEASE: pr7693-18

February 12, 2018

CFTC Orders AMP Global Clearing LLC to Pay $100,000 for Supervision Failures Related to Cybersecurity of its Customers' Records and Information

Washington, DC – The Commodity Futures Trading Commission (CFTC) today issued an Order filing and simultaneously settling charges against AMP Global Clearing LLC (AMP), a registered Futures Commission Merchant since 2010, for its failure between June 21, 2016 and April 17, 2017 to supervise diligently the implementation of critical provisions in AMP's information systems security program (ISSP). As a result of this failure, a significant amount of AMP's customers' records and information were left unprotected for nearly ten months. In April 2017, as a result of this failure, a third party unaffiliated with AMP (Third Party) accessed AMP's information technology network and copied approximately 97,000 files, which included customers' records and information, including personally identifiable information. The Third Party thereafter contacted federal authorities about securing the copied information, and subsequently informed AMP that the copied information had been secured and was no longer in the Third Party's possession. After becoming aware of the vulnerability and unauthorized access, AMP cooperated with the CFTC and worked diligently to remediate the issue.

CFTC's Director of Enforcement Comments

James McDonald, the CFTC's Director of Enforcement, commented: "Entities entrusted with sensitive information must work diligently to protect that information. That's not only good business, but when it comes to registrants in our markets, it's the law. As this case shows, the CFTC will work hard to ensure regulated entities live up to that responsibility, which has taken on increasing importance as cyber threats extend across our financial system."

Specifically, the Order finds that AMP failed to supervise its IT Provider's implementation of ISSP provisions it was delegated with implementing under AMP's supervision, including identifying and performing risk assessments of access routes into AMP's network, performing quarterly network risk assessments to identify vulnerabilities, maintaining strict firewall rules, and detecting unauthorized activity on the network. This failure left a significant amount of AMP's customers' records and information vulnerable to cyber-exploitation for nearly ten months, until the Third Party accessed AMP's network.

The Order finds that the vulnerability in AMP's network involved an open access route in a network attached storage device (NASD). Three successive quarterly network risk assessments failed to identify this vulnerability. Indeed, the Order finds that, before the Third Party accessed the NASD's contents, the media had reported three other incidents of unauthorized access of NASDs used by organizations other than AMP, including some from the same manufacturer of AMP's NASD. Yet AMP did not detect the vulnerability until its network was accessed and customer records and information compromised.

The Order requires AMP to pay a $100,000 civil monetary penalty and cease and desist from violating the CFTC regulation governing diligent supervision. The Order further requires AMP to provide two written follow-up reports, within one-year of entry of the Order, to the CFTC verifying AMP's ongoing efforts to maintain and strengthen the security of its network and its compliance with its ISSP's requirements.

The Order recognizes AMP's substantial cooperation and remediation during the CFTC's Division of Enforcement's investigation of this matter, which included providing important information and analysis to the Division that helped the Division to efficiently and effectively undertake its investigation. The Order notes that the civil monetary penalty imposed on AMP reflects AMP's cooperation.

The CFTC thanks the Securities and Exchange Commission for its assistance in this matter.

Jeremy Christianson and Christopher Beatty from the CFTC's Office of Data and Technology also provided assistance in this matter.

CFTC Division of Enforcement staff members responsible for this action are Harry E. Wedewer, Trevor Kokal, Candice Aloisi, Lenel Hickson, Jr., and Manal M. Sultan.

Media Contact
Dennis Holden
202-418-5088

Last Updated: February 12, 2018


http://www.cftc.gov/PressRoom/PressReleases/pr7693-18



Reply With Quote
The following 2 users say Thank You to Big Mike for this post:
 
  #54 (permalink)

Thanks @Big Mike for posting/sharing

Peanuts compared to what a 'card replacement fee' would look like

A card replacement fee is a financial compensation that an issuer and the card network will impose on an acquirer or a merchant bank if sensitive card details are stolen. The card replacement fee allows the issuers and the scheme to issue new cards to the customers and block stolen cards (add to blacklist).

A card replacement fee is +/- 20$ per customer

The report talks about files and not about individual customers.
It also does not allow one to estimate the monetary value of the breach.

In my feeling 100K$ is low... in this case, very low; for a party like AMP that does not hurt them.
A fine should have a function of 'hurting', to avoid a repeat in history,
like if you drive intoxicated, 200$ does not hurt, a 3-month driver's license revocation hurts more.
In the case of Finland it's a function of your net income, and then it can really hurt you big time!!

just my impression

In Europe things are quickly changing with a standard commonly known as GDPR.

On privacy the EU has always been light years ahead of the US.

Reply With Quote
The following 3 users say Thank You to rleplae for this post:
 
  #55 (permalink)

PCI / DSS compliance

Makes me wonder how many brokerages go through the cost/aggravation of maintaining PCI/DSS certification. As an Operations manager for a payments company that goes through this every year, I can attest that it's no simple (or cheap) exercise but I sure wouldn't want to be using anyone who WASN'T certified.

My .02,
-Guy

Reply With Quote
The following 2 users say Thank You to Fu510n for this post:
