DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TD Ameritrade settlement rejected

Posted on October 26, 2009 by Dissent

Josh Funk of Associated Press reports that Judge Vaughn Walker has rejected the settlement offer by TD Ameritrade. The settlement was in response to a hack in 2006 nd 2007 which exposed customer contact information on 6.3 million clients. According to the AP, the judge found that the deal, which would give the affected customers anti-spam software for a year and a promise of tighter security in the future, did not provide sufficient benefit to customers while providing $1.9 million in legal fees.

Back in May, I had commented that:

The settlement will not result in any money for class members but the lawyers get almost $2 million. Indeed, it’s not clear to me that the class members get anything at all out of this settlement. I guess we’ll have to wait and see the actual terms when the deal is approved.

Judge Walker had tentatively approved the deal in May and then held a hearing in September, and will be interesting to read his decision when it becomes available. What changed his mind between May and now?

No related posts.

Category: Breach IncidentsFinancial SectorHackOf Note

Post navigation

← Stolen laptops biggest danger as extent of UK data losses revealed
CalOptima Reports Potential Loss of Patient Claims Information (updated) →

3 thoughts on “TD Ameritrade settlement rejected”

  1. elvey says:
    October 28, 2009 at 11:51 pm

    Hey. I have a copy of Judge Walker’s decision on my website, along with my thoughts. See
    http://caringaboutsecurity.wordpress.com/2009/10/27/we-win-settlement-and-kamberedelson-booted/ for both. Please let me know what you think, by posting there or here. I certainly think your characterization in May of the compromised information as merely “contact information” is inappropriate! The idea that thieves, having gained full access to the database containing both, would choose to steal the email addresses only, while leaving the far more valuable SSNs, is simply farfetched, and no evidence has been introduced to support it.

    1. Matthew Elvey says:
      January 14, 2011 at 2:35 pm

      What additional proof do I have?

      1)I have a whistle blower’s word. I’m told that TD Ameritrade covered up the breach. TD Ameritrade took and continues to take steps that show bad faith in order to to **hide from discovery, shut down and discourage** efforts by customers and staff to analyze or discuss aspects of the breach, even within the company. Also, one needs to carefully parse what TD Ameritrade HAS said. Everyone willing to stick their neck out about this has already had it chopped off (speaking metaphorically; they’re no longer with the company – fired, pushed out, or quit in disgust); anyone else who cares is laying low.

      2)Also, my identity was stolen and used for new account identity theft, for the first time ever, starting the month after proof of the breach started to appear. A smoking gun? No. Evidence? Yes. AND, TDA ignored the smoking guns that showed they had been breached ’till I sued them, as I had proof.

  2. admin says:
    October 29, 2009 at 9:51 am

    Thanks, Matthew.

    It’s clear that you firmly believe that SSN were accessed and/or acquired, but where is the proof of that other than your “common sense” kind of argument? You seem to expect bloggers or the media to ignore what the company has repeatedly asserted — that its investigation uncovered no evidence that SSN were accessed. Although I can certainly appreciate your skepticism, your references to information from a “whistleblower” are simply not sufficient basis for a responsible blogger or journalist claiming that SSN were actually accessed or acquired. Were SSN vulnerable to access? Clearly, since the database was accessed and the company acknowledges that SSN were in the database. I have no problem viewing them as left vulnerable to access or acquisition, but that stops short of proving that they were accessed.

    Could their investigation have failed to uncover evidence that SSN were accessed? Sure. But again, there’s a difference between what might have happened and demonstrating that it actually happened.

    That said, I think the settlement should operate on the assumption that the company may not have discovered the full extent of the breach and should provide more protection for everyone who had their SSN in the database — yes, even though there’s no proof that the SSN were accessed.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.