Judge rejects TD Ameritrade breach settlement

By SearchFinancialSecurity.com Staff 28 Oct 2009 | SearchFinancialSecurity.com

Digg This!     StumbleUpon     Del.icio.us

A federal judge has denied a proposed settlement of a class-action suit filed against TD Ameritrade Inc. for a 2007 data security breach that exposed its customers' personal information.

In his ruling in San Francisco last week, U.S. District Chief Judge Vaughn Walker cited concerns with the security measures offered by TD Ameritrade in the proposed settlement. The brokerage offered to retain an independent expert to conduct penetration tests to determine whether its information security system has vulnerabilities, hire ID Analytics to determine whether the breach resulted in identity theft for those affected by the incident, and also provide them with a one-year subscription or one-year renewal for an antivirus or antispam product.

The first two measures are security procedures any reputable company would conduct and don't benefit those affected by the breach, Walker said in a court filing Friday.

"While it is obvious that, as a large company that deals in sensitive personal information, penetration and data breach tests should be routine practices of TD Ameritrade 's department that handles information security, it is not clear that such tests benefit the class," he wrote. He added that he wasn't convinced the procedures - which he called temporary fixes - prove that "the company has corrected or will address the security of client data in any serious way, let alone provide any discernable benefits for the class."

The offer of security software also offers little benefit to customers affected by the breach, including those who already own such software or who use free anti-spam services, Walker said.

In September of 2007, TD Ameritrade disclosed that intruders broke into a database that included sensitive customer information; more than 6 million customers reportedly were affected. The company discovered the attack because some customers complained about receiving spam targeted TD Ameritrade customers.

Walker ordered both sides involved in the lawsuit to meet on Dec. 10 to discuss scheduling and other matters.

Tags: Spam, phishing and social engineering attacks,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Spam, phishing and social engineering attacks Notorious spammer sentenced in stock fraud scam FDIC warns of bogus emails Two Romanians suspected in phishing scheme extradited to U.S. Social engineering tests should make sense, not headlines Zeus Trojan hitting banking customers hard Five considerations for choosing network access control products Proposed expansion of top-level domains generates security concerns Online scammers exploit bank brands and consumers' financial woes BITS releases guide for implementing email authentication protocols Banks using Twitter need to proceed with caution, experts say

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary