TD Ameritrade data theft settlement nears approval

September 10, 2009 By JOSH FUNK , AP Business Writer

(AP) -- The settlement over contact information stolen from online brokerage TD Ameritrade Holding Corp. is nearing approval, but the more than 6 million current and former customers affected will have to wait a little while longer.

A hearing on the settlement was held Thursday, but U.S. District Judge Vaughn Walker in San Francisco did not rule on the deal, which offers customers anti-spam software and a promise of tighter security at TD Ameritrade.

Walker, who gave preliminary approval to the settlement in May, is expected to issue his final ruling later.

"We are looking forward to the judge's ruling," said Scott Kamber, one of the lead plaintiff's attorneys.

An Ameritrade spokeswoman did not immediately respond to a message left on Thursday, but company officials have said they were settling the case to resolve it in a timely manner. Ameritrade does not admit any wrongdoing in the settlement.

Anyone who held an Ameritrade account or provided an e-mail address to the company before Sept. 14, 2007, will be able to benefit from the settlement. The breached database included information on 6.2 million current and former customers.

The plaintiffs said in the lawsuit that they received unwanted stock e-mail ads. The ads appeared to be designed to manipulate the value of thinly traded stocks.

No identity theft has been linked to this data breach.

As part of the proposed settlement, the Omaha-based company will pay nearly $1.9 million in legal fees and cover the cost of one year of anti-spam service for the victims. Ameritrade also promised to better protect customer data.

Several of the benefits of the settlement have already been provided. But the Trend Micro anti-spam software Ameritrade agreed to provide won't be available until after final approval.

Ameritrade hired ID Analytics Inc., which has expertise in identity theft, to help investigate. ID Analytics has checked Ameritrade's customer data against other databases four times and found no evidence of organized identity theft. The settlement calls for ID Analytics to provide at least one more check after the deal gets final approval.

TD Ameritrade revealed the data theft in September 2007, but officials have not discussed many details of the breach.

The company did store sensitive information, including Social Security numbers and account numbers, in the database that was hacked. But officials have said that information does not appear to have been taken.

TD Ameritrade officials have said they were confident the company had identified how the information was stolen and had changed its computer code enough to prevent the theft from recurring.

The company has said other Ameritrade databases where information such as passwords, user IDs and personal identification numbers are kept were not violated.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.