The District Court for the Northern District of California rejected a proposed settlement in a class action data breach case against TD Ameritrade Inc., stating that the settlement provided no value to the class. (In re TD Ameritrade Accountholder Litig., N.D. Cal., No. 3:07-cv-02852-VRW, 10/23/09.) TD Ameritrade suffered a data breach in 2007 where the personal date of approximately 6 million customers was hacked into. The rejected settlement provided approximately $1.9 million in attorneys' fees but no financial award to the class. The judge stated that requirements in the settlement for TD Ameritrade to conduct data security tests and hire independent experts to analyze the breach were measures any responsible company would take independent of litigation, and that the data security software that would be provided to the victims was available at no charge online already. TD Ameritrade suffered a data breach in 2007 where the personal date of approximately 6 million customers was hacked into. The rejected settlement provided approximately $1.9 million in attorneys' fees but no financial award to the class. The judge stated that requirements in the settlement for TD Ameritrade to conduct data security tests and hire independent experts to analyze the breach were measures any responsible company would take independent of litigation, and that the data security software that would be provided to the victims was available at no charge online already.
In a rapidly evolving area of law, this case indicates that it may be harder than you think to "get out of" a data breach case once it is initiated, providing yet another reason to get the right security in place at the outset.