BreachExchange mailing list archives
Legal Sub-Project - Elvey v. TD Ameritrade
From: David Shettler <dave () opensecurityfoundation org>
Date: Sun, 14 Jun 2009 12:45:08 -0400
The below linked blog post highlights an initial feature of our proposed legal sub-project; the legal document viewer. The document viewer allows linking to specific paragraphs of an uploaded legal document. For transcripts, it also parses and colorizes the parties, making the transcripts significantly easier to follow. The document viewer is the only feature currently implemented of the legal sub-project. We’re looking for folks to help us shape the rest of the project, including defining the scope of the project, determining the data that should be extracted from court cases (case status, settlement data, grounds for the case, dismissal reason, etc.), defining how data will be gathered and entered, and more. This sort of data could bring an entirely new dimension to DataLossDB, and to the various industries that utilize the data. We could, for instance, attach costs to breaches, or understand how often a class action suit settles vs. is dismissed vs. is tried, etc. If you are interested, email curators () datalossdb org And without further ado, our editorial evaluation of Elvey v. TD Ameritrade, an ongoing class action suit regarding their 2007 breach of over 6 million records. http://datalossdb.org/incident_highlights/30-legal-sub-project-elvey-v-td-ameritrade The TD Ameritrade incident of 2007 hasn’t quite been resolved -- yet. While the breach may have been contained, the litigation is still ongoing. A class action suit field in California in May of 2007 has reached a preliminary settlement, but the settlement is contested by the individual who filed the class in the first place and has been through some extremely interesting twists and turns. The case was filed in May of 2007, with a complaint that claimed that TD Ameritrade was essentially selling email addresses of clients to spammers, in violation of TD Ameritrade’s privacy policies and various laws. A motion for a preliminary injunction kicked things into gear in July 2007, which alleged that the spam was still ongoing, and demanded that TD Ameritrade take steps to protect members of the class (TD Ameritrade customers). The fact that the incident was still ongoing at the time of the injunction was later confirmed in testimony, and it would seem from interpreting the various testimonies in the case that the breach was mitigated “on or about August 14th, 2007”. Sometime thereafter, TD Ameritrade acknowledged that it had in fact been "hacked", and that the hacker had access to names and email addresses. During the disclosure (via a letter to customers), TD Ameritrade also acknowledged that the database that had been breached also contained Social Security numbers, but that TD Ameritrade had no evidence that Social Security numbers had been taken. This spawned another lawsuit: Brad Zigler v. TD Ameritrade. The complaint in this new lawsuit went beyond the spam aspect, and brought into view the potential compromise of Social Security numbers as well. In December of 2007, the two cases became officially related. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Legal Sub-Project - Elvey v. TD Ameritrade David Shettler (Jun 14)