Ameritrade deal doesn't address massive security breach

flickr photo / TheBeej

Most of us are so accustomed to doing our banking and business online that we often don’t give much thought to security. Then we get a reminder of how not only is security still a grave concern on the Web but how some of the companies that we entrust our private information with may or may not be doing everything they can to protect us. Such is the case with TD Ameritrade, one of the leading online brokerages.

Ameritrade’s clients filed a class-action suit after a massive security breach allowed hackers access to customers’ Social Security numbers, birth dates, account numbers and email addresses. A settlement proposed between Ameritrade and its customers, however, does little to shed light on the security breach and doesn’t really do anything to make Ameritrade clients feel more secure.

Those are some of the reasons that Public Citizen, on behalf of Ameritrade customer Matthew Elvey, filed a motion in the U.S. District Court for the Northern District of California, asking the judge to reject the proposed settlement.

Ameritrade has never disclosed the extent of the security breach. Mostly the company has tried to characterize it as a case of spammers accessing the company’s email data base. This we know is true because Elvey, like other customers, received spam at an email address that was used exclusively with his Ameritrade account.

Here’s what Public Citizen attorney Greg Beck had to say about the likelihood of hackers taking email addresses and nothing else:

It’s absurd to think that hackers would steal e-mail addresses from Ameritrade’s data base, while ignoring more prized information, such as Social Security numbers and birth dates. The only people who benefit from this settlement are the plaintiffs’ lawyers – who will receive $1.8 million in fees – and Ameritrade officials who would rather pretend this security breach never happened.

Elvey wants to know what else the hackers got access to. And he wants to know what Ameritrade has done to improve security. Neither of these questions are answered in the proposed settlement.

Instead, Ameritrade is offering members of the class action suit — some 6 million customers — access to a free download of some anti-spam software, a pretty useless gesture for most customers, who most likely already have anti-spam software.

Wired has more about the settlement here.