Retail brokerage firm Scottrade confirmed Friday it fell victim to a cyberattack two years ago.
In a brief statement on its website, the Missouri-based company said it was informed by federal law enforcement of "illegal activity involving our network" that occurred between late-2013 and early-2014.
"Although Social Security numbers, email addresses and other sensitive data were contained in the system were accessed, it appears that contact information was the focus of the incident," the statement read.
As many as 4.6 million clients, whose contact information is thought to have been taken, are being notified by the brokerage firm.
Financial information, such as client funds or trading platforms, are not said to have been compromised, the company said.
Passwords were also encrypted, but it's not clear which cryptography -- some of which are widely considered deprecated -- was used by the company.
A Scottrade spokesperson was not immediately available by email, but said in a statement to journalist Brian Krebs, who first reported the breach, that the focus of the attack was "a list of client names and street addresses" that was taken from its systems.
Krebs hypothesized that the stolen contact to facilitate stock scams by way of spam emails.