The company revealed they “discovered and eliminated unauthorized code from its systems that allowed access to an internal database. The discovery was made as the result of an internal investigation of stock-related SPAM.”

They also said email addresses, names, addresses and phone numbers were retrieved from a compromised database. That database also had account numbers, dates of birth, and Social Security numbers stored in it.

Those pieces of information would be pure gold to thieves. TD Ameritrade said it has no evidence the more sensitive data had been stolen.

“TD Ameritrade was obviously targeted by cybercriminals, following the old adage: Why rob a bank, because that’s where the money is,” said Dave Marcus, security research and communications manager at McAfee Avert Labs.

“Based on TD Ameritrade’s statements the attackers most likely used old fashioned hacking, social engineering and a cocktail of malicious software including password stealing trojans and bots to pilfer the customer data.”