Scottrade, the stock trading service, has been hacked -- and it lost information on 4.6 million customers.
The breach affected those who signed up for a Scottrade brokerage account before February 2014.
Hackers gained access to a massive database of Scottrade customers. Hackers pulled names and physical addresses. The database also contained emails and Social Security numbers, but Scottrade says it does not believe that data was taken (see correction below).
On Friday, the firm acknowledged that unknown criminals had broken into its computer network. The company said it didn't know about the theft until it was alerted by the FBI in August.
According to the company, federal agents were still investigating the incident and told the company to keep silent until now.
"All indications show that this was an external criminal act," said company spokeswoman Shea Leordeanu.
It's unclear who did it. And as with most cyberattacks, we may never know. Hackers often hide behind computer servers around the globe.
It's unclear what criminals have done with the stolen Scottrade customer data. This type of information typically appears for sale on black markets. Hackers then amass the stolen information to build large, searchable databases that make it easy for anyone to steal your identity for a small price. A stolen identity leads to stolen tax refunds, ruined credit and worse.
Scottrade is now offering one year of free identity protection.
The firm assured customers that trading information was not exposed -- and that its online portal is still safe to use.
Correction: After the initial publication of this story, Scottrade clarified that though Social Security numbers and emails were included in the database that was breached, it does not believe they were stolen.