Legal Sub-Project - Elvey v. TD Ameritrade
2009-06-14 by d2d
The TD Ameritrade incident of 2007 hasn’t quite been resolved -- yet. While the breach may have been contained, the litigation is still ongoing. A class action suit field in California in May of 2007 has reached a preliminary settlement, but the settlement is contested by the individual who filed the class in the first place and has been through some extremely interesting twists and turns.
The case was filed in May of 2007, with a complaint that claimed that TD Ameritrade was essentially selling email addresses of clients to spammers, in violation of TD Ameritrade’s privacy policies and various laws.
A motion for a preliminary injunction kicked things into gear in July 2007, which alleged that the spam was still ongoing, and demanded that TD Ameritrade take steps to protect members of the class (TD Ameritrade customers). The fact that the incident was still ongoing at the time of the injunction was later confirmed in testimony, and it would seem from interpreting the various testimonies in the case that the breach was mitigated “on or about August 14th, 2007”.
Sometime thereafter, TD Ameritrade acknowledged that it had in fact been "hacked", and that the hacker had access to names and email addresses. During the disclosure (via a letter to customers), TD Ameritrade also acknowledged that the database that had been breached also contained Social Security numbers, but that TD Ameritrade had no evidence that Social Security numbers had been taken. This spawned another lawsuit: Brad Zigler v. TD Ameritrade. The complaint in this new lawsuit went beyond the spam aspect, and brought into view the potential compromise of Social Security numbers as well. In December of 2007, the two cases became officially related.
In early 2008, a new judge was assigned to the case. Several months later, the two cases merged, and a request to have a settlement approved was filed by the plaintiffs (on May 30, 2008). Both sides seemed in agreement at the time. Days later, at a proceeding, that agreement appeared to have dissolved. One of the class representatives, Matthew Elvey, the individual who had originally filed the case in May 2007, opposed the settlement -- even though he had signed it days prior. Mr. Elvey stated that he had been threatened, which is why he agreed to sign the settlement. His opposition claimed that the settlement was not fair, that he had been an identity theft victim as a result of the TD Ameritrade breach, and that some of the reasoni
... [CONTINUED...]Recent Articles
- » 2009-06-09 - Credit Cards, BreachCenter, T-Mobile, Oh My...
- » 2009-05-31 - Oldest Data Loss Incident - Contest Winners
- » 2009-05-08 - New York, Contest, and SC Magazine Award
Support OSF Data Loss
OSF needs your support! You can support OSF's DataLossDB in several ways, such as contributing news articles about data loss incidents or by updating older incidents as new information becomes available. Financial donations, which will support hosting, hardware upgrades, and advertising are also appreciated. If you wish to make a donation, please do so via the Google checkout link below.
About OSF Data Loss
DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The effort is now a community one, and with the move to Open Security Foundation's DataLossDB.org, asks for contributions of new incidents and new data for existing incidents. For any questions about this site or the data contained within the site, please contact curators@datalossdb.org.
Latest Incidents
| records | date | organizations |
|---|---|---|
| 6,000 | 2009-06-30 | Sutter Health |
| 810 | 2009-06-26 | Massachusetts Technology Collaborative |
| 2,828 | 2009-06-24 | Florida Department of Revenue |
| 0 | 2009-06-24 | Norfolk Redevelopment and Housing Authority |
| 0 | 2009-06-24 | Oklahoma Commission for Teachers Preparation |
| 250,000 | 2009-06-24 | University of Alberta Hospital |
| 45,277 | 2009-06-23 | Cornell University |
| 75,000 | 2009-06-17 | Bord Gáis |
| 0 | 2009-06-15 | Beam Global Spirits & Wine Inc |
| 50 | 2009-06-14 | Custom House Coffee |
Search
Largest Incidents
| records | date | organizations |
|---|---|---|
| 94,000,000 | 2007-01-17 | TJX Companies Inc. |
| 90,000,000 | 1984-06-01 | TRW, Sears Roebuck |
| 40,000,000 | 2005-06-19 | CardSystems, Visa, MasterCard, American Express |
| 30,000,000 | 2004-06-24 | America Online |
| 26,500,000 | 2006-05-22 | U.S. Department of Veterans Affairs |
| 25,000,000 | 2007-11-20 | HM Revenue and Customs, TNT |
| 17,000,000 | 2008-10-06 | T-Mobile, Deutsche Telekom |
| 16,000,000 | 1986-11-01 | Canada Revenue Agency |
| 12,500,000 | 2008-05-07 | Archive Systems Inc, Bank of New York Mellon |
| 11,000,000 | 2008-09-06 | GS Caltex |
From the Blotter
| date | title |
|---|---|
| 2009-07-03 | Billions stolen in online robbery |
| 2009-07-01 | Florida third in ID theft |
| 2009-06-29 | Identity Theft Ring Busted In Sanford |
| 2009-06-29 | Security of fliers' personal data questioned |
| 2009-06-29 | New law protects Alaskans against identity theft |
| 2009-06-29 | Identity theft among the fastest-growing offences |
| 2009-06-27 | Effects of Clear program closing unclear to users, federal officials |
| 2009-06-26 | Del. consumer safety gets help from settlement in data theft |
| 2009-06-25 | 2 more charged in ID theft case |
| 2009-06-24 | State Worker Pleads Guilty in Identity Theft |
Breach Types:
- Disposal Computer | Disposal Document | Disposal Tape | Disposal Drive
- Email | Fraud Se | Hack | Lost Computer
- Lost Document | Lost Drive | Lost Laptop | Lost Media
- Lost Tape | Missing Laptop | Snail Mail | Stolen Computer
- Stolen Document | Stolen Drive | Stolen Laptop | Stolen Media
- Stolen Tape | Unknown | Virus | Web