DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TD Ameritrade settlement rejected

Posted on October 26, 2009 by Dissent

Josh Funk of Associated Press reports that Judge Vaughn Walker has rejected the settlement offer by TD Ameritrade. The settlement was in response to a hack in 2006 nd 2007 which exposed customer contact information on 6.3 million clients. According to the AP, the judge found that the deal, which would give the affected customers anti-spam software for a year and a promise of tighter security in the future, did not provide sufficient benefit to customers while providing $1.9 million in legal fees.

Back in May, I had commented that:

The settlement will not result in any money for class members but the lawyers get almost $2 million. Indeed, it’s not clear to me that the class members get anything at all out of this settlement. I guess we’ll have to wait and see the actual terms when the deal is approved.

Judge Walker had tentatively approved the deal in May and then held a hearing in September, and will be interesting to read his decision when it becomes available. What changed his mind between May and now?

Category: Breach IncidentsFinancial SectorHackOf Note

Post navigation

← Stolen laptops biggest danger as extent of UK data losses revealed
CalOptima Reports Potential Loss of Patient Claims Information (updated) →

3 thoughts on “TD Ameritrade settlement rejected”

  1. elvey says:
    October 28, 2009 at 11:51 pm

    Hey. I have a copy of Judge Walker’s decision on my website, along with my thoughts. See
    http://caringaboutsecurity.wordpress.com/2009/10/27/we-win-settlement-and-kamberedelson-booted/ for both. Please let me know what you think, by posting there or here. I certainly think your characterization in May of the compromised information as merely “contact information” is inappropriate! The idea that thieves, having gained full access to the database containing both, would choose to steal the email addresses only, while leaving the far more valuable SSNs, is simply farfetched, and no evidence has been introduced to support it.

    1. Matthew Elvey says:
      January 14, 2011 at 2:35 pm

      What additional proof do I have?

      1)I have a whistle blower’s word. I’m told that TD Ameritrade covered up the breach. TD Ameritrade took and continues to take steps that show bad faith in order to to **hide from discovery, shut down and discourage** efforts by customers and staff to analyze or discuss aspects of the breach, even within the company. Also, one needs to carefully parse what TD Ameritrade HAS said. Everyone willing to stick their neck out about this has already had it chopped off (speaking metaphorically; they’re no longer with the company – fired, pushed out, or quit in disgust); anyone else who cares is laying low.

      2)Also, my identity was stolen and used for new account identity theft, for the first time ever, starting the month after proof of the breach started to appear. A smoking gun? No. Evidence? Yes. AND, TDA ignored the smoking guns that showed they had been breached ’till I sued them, as I had proof.

  2. admin says:
    October 29, 2009 at 9:51 am

    Thanks, Matthew.

    It’s clear that you firmly believe that SSN were accessed and/or acquired, but where is the proof of that other than your “common sense” kind of argument? You seem to expect bloggers or the media to ignore what the company has repeatedly asserted — that its investigation uncovered no evidence that SSN were accessed. Although I can certainly appreciate your skepticism, your references to information from a “whistleblower” are simply not sufficient basis for a responsible blogger or journalist claiming that SSN were actually accessed or acquired. Were SSN vulnerable to access? Clearly, since the database was accessed and the company acknowledges that SSN were in the database. I have no problem viewing them as left vulnerable to access or acquisition, but that stops short of proving that they were accessed.

    Could their investigation have failed to uncover evidence that SSN were accessed? Sure. But again, there’s a difference between what might have happened and demonstrating that it actually happened.

    That said, I think the settlement should operate on the assumption that the company may not have discovered the full extent of the breach and should provide more protection for everyone who had their SSN in the database — yes, even though there’s no proof that the SSN were accessed.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.