Discount broker Scottrade said on Friday that it was the victim of a cyberattack from late 2013 to early 2014 that compromised client names and addresses in a database with information on some 4.6 million customers.
The firm said it learned about the attack from federal law enforcement officials who were investigating the theft of data from Scottrade and other financial services firms. The company did not identify other potential victims. FBI officials could not be reached for comment.
News of the attack comes a day after Experian Plc disclosed a breach that compromised sensitive data of some 15 million people who sought to open accounts with T-Mobile US Inc.
The two incidents, announced on the first two days of the U.S. government's Cybersecurity Awareness Month, are a stark reminder of the challenges businesses face in getting ahead of hackers following a string of massive breaches in recent years.
Scottrade said on its website that its trading platforms and client funds had not been compromised.
"Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident," the company said.
Scottrade said it planned to offer customers identity theft protection services, had hired a computer forensics firm to investigate the attack, secured the intrusion point and beefed up network defenses.
Scottrade spokeswoman Shea Leordeanu declined to say if investigators had identified who was behind the attacks.
(Reporting by Diane Bartz and Jim Finkle; Editing by Meredith Mazzilli and Christian Plumb)