No security.
SQLServer DB , plaintext and it looks like no or little security.
They should be hit with massive fines because of lax security. Note: They moved PII data in to the cloud which exposes them to more risk. Had the unsecured server been behind their firewalls, less risk of damage.
If I were a Scottrade customer, I'd start a class action lawsuit.
Yes its 2017... no excuse.
Biting the hand that feeds IT
