Slashdot has the scoop on the latest Ameritrade customer concerns:

So it’s pretty clear that some attacker has access to the AmeriTrade customer database on an ongoing basis, and the February 2005 tape theft probably had nothing to do with it.

AmeriTrade says that California law required them to notify their California customers of a potential security breach after the tapes were stolen, and that they went further and notified all of their customers anyway. Since there is now proof that their database is more or less perpetually open to some outside attacker, will they send out another notification letter to customers?

Some say a breach has no effect on consumer confidence. Having been invited to work on several investigations that looked at consumer response and complaints, I disagree. I think that many, although perhaps not yet the majority of, consumers are definitely sensitive to breach notification. They might have reacted warmly in the past, but times are quickly changing and the costs are more abruptly apparent now.

The frog doesn’t jump when the temperature changes slowly, but if they perceive water as suddenly hot, they jump.