In early 2007, Ed Falk, John Levine, and other trusted anti-spam and network security folks started to note that email addresses given only to TD Ameritrade were beginning to receive spam from unrelated entities.
In September 2007, TD Ameritrade disclosed that this was due to intruders breaking into a database that contained sensitive customer information (including email addresses) and that more than six million customers may have been leaked to bad guys. Oops. Even worse, other sources suggest that the issue may have been ongoing back as far as 2005 or 2006.
Yesterday, Tech Target published an update on the story. "A federal judge has denied a proposed settlement of a class-action suit filed against TD Ameritrade Inc. for a 2007 data security breach that exposed its customers' personal information." The reason for the rejection? The judge seems to be saying that the proposed settlement terms, specifically that the company wasn't doing enough on the security and auditing front.
"[The proposed] measures are security procedures any reputable company would conduct and don't benefit those affected by the breach, Walker said in a court filing Friday." Try harder, he seems to be saying.
Read the rest of the article here.