Here is the email that is currently being sent to all C2 users. (Sending this massive quantity of emails is taking longer than we hoped, but we are trying to accelerate the process.) The main message of the email is that you should assume that any information you entered into C2 prior to December 28 has been compromised. You should change your C2 password. If we have credit card data, call your bank and have them replace your card with a new account number. Assume any brokerage account info you entered has been compromised. In the case of Generation 1 AutoTrading (for example, IB) you do not enter any brokerage account information into C2.
The email being sent follows below.
-------------------
Dear Collective2 User:
We recently became aware that our computer database was breached by a hacker and that the personal information of our customers was accessed. The information accessed includes names, email addresses, passwords, and credit card information. Thus, anything you typed into Collective2 before today may be potentially compromised.
We have contacted federal and state law enforcement authorities, who we hope will track down and prosecute the person responsible. More important: we have changed our database security, locked down our servers, and altered our Web site in order to prevent similar attacks. We are also notifying the three credit bureaus - Equifax, Experian and TransUnion - of the breach.
While we have no evidence that the hacker intended to use or has used the accessed information, it would be prudent for you to take the following steps.
Please immediately log in to Collective2 and change your password. You can do so through the following link:
https://www.collective2.com/changepassword
This link will also allow you to see other information which we have stored in our database and which therefore is possibly compromised. If you typed a credit card number into our site, we encourage you to contact your bank and ask them to change your credit card number. Again, we have no evidence that the criminal has made any illegal transactions. However, to be cautious, we suggest you monitor your credit reports to detect any unauthorized activity.
WHAT HAPPENS NEXT
Obviously our company depends on your trust. This has been a hard blow to the small team here at C2. It’s devastating to learn that much of the goodwill and trust that we’ve built over the last eight years can be harmed in a day.
You have my promise: we will do whatever it takes to protect your security. We have already made the changes necessary to prevent further access to your personal information by the hacker, or by others.
In addition, we have hired an outside security firm to help us. The firm has been engaged to conduct a full review of our servers, software, and architecture, to ensure that information is secure.
STEPS WE ARE TAKING
We need to work hard to rebuild the credibility we lost. The first step, before anything else, is that we must be honest with our customers and make sure that they are safe. For this reason, I encourage you to go to the link above, and to change your Collective2 password as soon as possible. Also, please contact the bank that issued your credit card and ask to change your card account number.
BROKERAGE ACCOUNT INFORMATION
Finally, we see that you entered brokerage account information into C2 in order to enable AutoTrading. While we have no evidence that the hacker has accessed any brokerage accounts, we think it prudent for you to contact your broker and ask them to change your account number or password.
HOW TO CONTACT US
If you have questions about this email, please contact me at matthew@collective2.com.
CONCLUSION
I am sorry for the inconvenience and uncertainty this will surely cause you. I wish I were able to write you a different kind of letter as we enter the new year. I hope that you will stay with us in 2010, and that, by this time next year, we will have regained your trust and confidence.
Sincerely,
Matthew Klein
Founder
Collective2 LLC