Online broker TD Ameritrade says an internal investigation into stock-related spam uncovered 'unauthorised code' in its computer systems that allowed illegal access to an internal database.
In a statement TD Ameritrade says it has successfully eliminated the malicious code.
Names, e-mail addresses, and phone numbers belonging to retail and institutional clients were retrieved from the database using the unauthorised code.
However client assets held in accounts remain secure as user IDs, personal identification numbers and passwords were not stored in the affected database, says the broker.
The breached database also contained more sensitive information like account numbers, date of birth and social security numbers, but TD Ameritrade says there is no evidence that this data was taken.
"While the financial assets our clients hold with us were never touched, and there is no evidence that our clients' social security numbers were taken, we understand that this issue has increased unwanted spam, which is annoying and inconvenient for them," says TD Ameritrade CEO Joe Moglia.
TD Ameritrade says it has hired identity risk management specialist ID Analytics to investigate and monitor for potential identity theft.
Following its initial evaluation, ID Analytics found no evidence of identity theft as a result of the issue, says the broker.