alt="Security Policies Procedures" vspace=3 align=right
longDesc="Security Manual Template - Sarbanes-Oxley">A federal judge has
rejected a proposed settlement by TD Ameritrade Inc. in a data breach lawsuit.
That marks the second time in recent months that a court has weighed in on what
it considers basic security standards for protecting data. The case stems from a
2007 breach that exposed more than 6 million customer records.

The federal
judge did not find the proposed settlement to be “fair, reasonable, or
adequate.” Rather than benefiting those directly affected by the breach,
Ameritrade’s proposed settlement was designed largely to benefit the company.
The judge described the additional security measures that Ameritrade proposed in
the settlement as “routine practices” that any reputable company should be
taking anyway and should be defined in their normal security policies and

September 2007, Ameritrade said that the names, addresses, phone numbers, and
trading information of potentially all of its more than 6 million retail and
institutional customers at that time had been compromised by an intrusion into
one of its databases. The stolen information was later used to spam those

As part of
an effort to settle claims arising from that incident, Ameritrade this May said
it would retain an independent security expert to conduct penetration tests of
its networks to look for vulnerabilities.

The company
also offered to retain the services of an analytics firm to find out whether any
of the data that had been compromised in the breach had been used for identity
theft purposes. The company also said it would give affected customers a
one-year subscription for antivirus and anti-spam software.

Post Your Resume to 65+ Job Sites
Resume Service

Post to Twitter Tweet This Post