Welcome to NexusFi: the best trading community on the planet, with over 150,000 members
I emailed AMP about the breach and their reply was "At this time, AMP is confident that there are no vulnerabilities on any of our servers." So I replied with "I'm sure there aren't now, but what about the past? Was there a breach? Please answer yes or no." They replied "No".
So, was there a breach and they are covering it up or did it not happen?
No server is invulnerable, no fortress is impenetrable, and no ship is unsinkable. Anybody holding sensitive data needs to understand this, and take reasonable steps in light of what they're storing to protect it. You don't stop at trying to make the container impenetrable, you also encrypt the contents.
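The point above is that a stolen copy of a backup should be worthless without the key. The following is an added example, not code from the thread or from AMP: it seals a constructed customer record with AES-256-GCM before it is written to a backup store, so that anyone who reaches the file without the key sees only random-looking bytes, and any bit-flip in the stored blob is rejected on decryption. The record contents, the key handling (a random key generated in `main`), and the blob layout `nonce || ciphertext || tag` are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample backup record; stands in for one line of a customer export.
const sampleBackup = "account=12345,name=Jane Doe,ssn=***-**-6789,balance=10400.00"

// EncryptBackup seals plaintext with AES-256-GCM under a 32-byte key and
// returns nonce || ciphertext || tag as one blob. A copy of that blob taken
// from the storage server without the key yields no readable fields.
func EncryptBackup(key, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce slice so one blob carries both.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptBackup reverses EncryptBackup. GCM authenticates the ciphertext
// before releasing any plaintext, so a wrong key or a modified blob fails.
func DecryptBackup(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// ContainsInClear reports whether the stored blob still carries the given
// marker in the clear; this is exactly what an exposed server would reveal.
func ContainsInClear(blob []byte, marker string) bool {
	return bytes.Contains(blob, []byte(marker))
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	blob, err := EncryptBackup(key, []byte(sampleBackup))
	if err != nil {
		panic(err)
	}
	fmt.Println("customer name visible in stored blob:", ContainsInClear(blob, "Jane Doe"))
	plain, err := DecryptBackup(key, blob)
	if err != nil {
		panic(err)
	}
	fmt.Println("decrypted with the key:", string(plain))
	blob[len(blob)-1] ^= 0x01 // flip one bit of the authentication tag
	_, err = DecryptBackup(key, blob)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

The part that matters operationally is where the key lives: it must not sit on the same backup server as the blobs, or the encryption adds nothing when that server is exposed.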
AMP Global Clearing, LLC (AMP) is sending you this notice to keep you updated about your data on our servers. We were recently approached by a Cybersecurity research company with a claim that they had discovered a vulnerability in one of our back-up file storage servers.
AMP responded by working with its IT service providers to ensure all vulnerabilities were eliminated in that server. The Cybersecurity research company then confirmed that the vulnerability had been resolved.
We have worked with the Cybersecurity research company to ensure that all proper steps were taken to safeguard our customers’ information.
We are in direct communication with this Cybersecurity Company and our regulatory agencies. They have confirmed the files they accessed are currently encrypted, pending the instructions of the SEC.
From our understanding, this company’s mission is to make the cyber world safer by educating businesses and communities worldwide, with the goal of helping to protect data, identifying data leaks and following responsible disclosure policy.
At this time, AMP is confident that there are no vulnerabilities on any of our servers.
I totally agree. But replying the way they did only increases their liability in this matter. Is it possible that this is a competitor trying to bring them down?
Wouldn't they want to secure it first before going public, so it's not a free-for-all for every malicious hacker who would then publicly know the door was open?
IF it had been accessed prior to this researcher, they would want to check that before every other wannabe hacker started poking around due to a public broadcast of a flaw, I would think. The fastest way to get out a major (or minor) security flaw would be to tell the customers it affects, who then go asking for more details on forums/chats and so on and in the process inadvertently disseminate the exploit for hackers to then attack. It's a hard line to walk: on the one hand, the customer EXPECTS transparency, but on the other hand they also expect to be protected and have exposure limited if possible.
AMP is damned if they do and damned if they don't...
Hopefully they found a path to limit customer exposure AND let customers know as soon as the security flaw was no longer able to be exploited. 4 days kind of sucks, but at least AMP seems to be retroactively trying to fix this issue when it's highlighted to them. Should have been a proactive approach though... That's just good business when dealing with data security. Some serious talks need to be had with their 3rd party provider of that service, but at the end of the day the buck stops with AMP to ENSURE compliance. At the very minimum, if they outsourced it because of not having the necessary skills in-house, they should have another party periodically audit and check the compliance of that 3rd party.
Of interest is the researcher's claim that he has found "other" security flaws within this sector recently... It would be interesting to see what other brokers (if any) or associated companies with such personal details on file have also left customer data exposed but have chosen to keep it on the dl from customers.
I dare say that AMP is having some serious discussions right now with outside professionals about mapping a path forward that strongly protects customers' data so as to try and claw back customers' trust.
Looks like AMP actually retained a 3rd party to ensure compliance in this area, but sadly it seems that 3rd party didn't have anyone auditing or checking how good they actually were at doing that job...
I am an AMP customer and today is the first I have heard of this. I never received anything from AMP. Are there AMP customers here who have been notified of a breach? Or were only customers that were potentially affected contacted?
1. Never attribute to malice...
2. Civil liability for data breaches, at least in the US, is basically a joke (as far as a client/victim suing is concerned). In a nutshell, you have to prove that your identity was stolen, that it harmed you, and that the thief used what was stolen from the breached company. It's incredibly hard to prove, and the payout even with a win is unlikely to be worth the cost. Also, assume that class actions were agreed away, so there's not really any meaningful remedy beyond talking with your wallet. The lack of a meaningful remedy correlates with consequences; few consequences = [ ]. It's a disturbing state of affairs...