TD Ameritrade Holding Corp. has discovered unauthorized code in its systems that allowed access to an internal database. The discovery was made as the result of an internal investigation of stock-related spam.

The company, which has eliminated the offending code, commissioned forensic data experts to assist in its investigation of this issue. It reports that the results of their efforts revealed: client assets remain secure, as client access data was not stored in the compromised database; information such as e-mail addresses, names, addresses and phone numbers was retrieved from this database, affecting its retail and institutional clients; and, although more sensitive information such as account numbers, birthdates and social security numbers is stored in this database, there is no evidence that it was taken.

“While the financial assets our clients hold with us were never touched, and there is no evidence that our clients’ social security numbers were taken, we understand that this issue has increased unwanted spam, which is annoying and inconvenient for them,” said Joe Moglia, CEO. “We sincerely apologize for that and any added concern this may have caused.”

The company has hired a third party, ID Analytics, Inc., to investigate and monitor for potential identity theft. It found no evidence of identity theft as a result of this issue.

TD Ameritrade will retain ID Analytics’ services on an ongoing basis to support its client accounts by continuing to monitor for evidence of identity theft.

The company says it is confident that it has identified the way in which this information was taken and has taken the appropriate steps to prevent it from recurring.