Judge rejects TD Ameritrade breach settlement

In early 2007, Ed Falk, John Levine, and other trusted anti-spam and network security folks started to note that email addresses given only to TD Ameritrade were beginning to receive spam from unrelated entities.

In September 2007, TD Ameritrade disclosed that this was due to intruders breaking into a database that contained sensitive customer information (including email addresses) and that data on more than six million customers may have been leaked to bad guys. Oops. Even worse, other sources suggest that the issue may have been ongoing as far back as 2005 or 2006.

Yesterday, Tech Target published an update on the story. "A federal judge has denied a proposed settlement of a class-action suit filed against TD Ameritrade Inc. for a 2007 data security breach that exposed its customers' personal information." The reason for the rejection? The judge seems to be saying that the proposed settlement terms fall short, specifically that the company wasn't doing enough on the security and auditing front.

"[The proposed] measures are security procedures any reputable company would conduct and don't benefit those affected by the breach, Walker said in a court filing Friday." Try harder, he seems to be saying.

Read the rest of the article here.

2 comments:

  1. The company responsible for the security of that info should be prosecuted & fined millions. Then they would know how sensitive customer info can be. I'm currently receiving above 100 spam emails every day. I haven't given my email anywhere dodgy, it's just that some company might have sold my details to some rogue spam company. But the problem is I don't know who did it.

  2. Evans wrote: "I haven't given my email anywhere dodgy, it's just that some company might have sold my details to some rogue spam company. But the problem is I don't know who did it."

    That's because you gave the same email address to multiple companies. I gave Ameritrade an email address of _ameritrade@{my domain}.org. Then when I got spam at that address, I knew exactly who had leaked it. Others who have leaked addresses I've given them include LifeLock (yes, I am serious), Snapfish, and J&R Music World -- as well as more than a few smaller companies and organizations.

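The per-vendor address technique from the second comment (and the way the leak was first noticed, per the opening paragraph) can be checked mechanically. This is an added example, not code from the post or its commenters; the domain `example.org`, the alias map, the `*.example` sender domains and the sample messages are all constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "example.org"  # assumption: a domain you control
# Hypothetical map: vendor-only alias -> domains that vendor legitimately mails from.
ALIASES = {
    "ameritrade": {"ameritrade.example"},
    "snapfish": {"snapfish.example"},
}

def sender_domain(msg):
    """Lower-cased domain of the From: header ('' if absent)."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def tagged_aliases(msg):
    """Local parts of every address on MY_DOMAIN in Delivered-To/To/Cc."""
    fields = (msg.get_all("Delivered-To", []) + msg.get_all("To", [])
              + msg.get_all("Cc", []))
    found = set()
    for _, addr in getaddresses(fields):
        local, _, domain = addr.lower().rpartition("@")
        if domain == MY_DOMAIN:
            found.add(local)
    return found

def attribute_leaks(raw_messages):
    """Return {alias: sorted sender domains} for mail that reached a
    vendor-only alias from a domain that vendor does not use."""
    leaks = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        dom = sender_domain(msg)
        for alias in tagged_aliases(msg):
            allowed = ALIASES.get(alias)
            if allowed is None:
                continue  # address is not a tracked vendor alias
            if not any(dom == d or dom.endswith("." + d) for d in allowed):
                leaks.setdefault(alias, set()).add(dom or "(no sender)")
    return {alias: sorted(doms) for alias, doms in leaks.items()}

# Constructed sample messages: one legitimate, two unrelated senders, one untagged.
SAMPLE = [
    "From: Statements <noreply@mail.ameritrade.example>\nTo: ameritrade@example.org\nSubject: Statement\n\nbody\n",
    "From: Hot Stocks <tips@pumpdump.example>\nTo: ameritrade@example.org\nSubject: Buy now\n\nbody\n",
    "From: deals@pills.example\nTo: Someone <snapfish@example.org>\nSubject: Sale\n\nbody\n",
    "From: friend@mail.example\nTo: me@example.org\nSubject: hi\n\nbody\n",
]

if __name__ == "__main__":
    for alias, domains in attribute_leaks(SAMPLE).items():
        print(f"{alias}@{MY_DOMAIN} received mail from unrelated senders: {domains}")
```

The `From:` header is forgeable and vendors often send through third-party mail services, so a hit is a lead to confirm against the message's `Received:` chain rather than proof on its own.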
