The judge presiding over the TD Ameritrade lawsuit has rejected a settlement he himself had pre-approved nearly three months ago. I can see how such instances can justify the various data security measures companies across the US are choosing to take, despite their seemingly "heinous" upfront costs. (A drop in the bucket if Lady Fortuna decides to frown on you.)
I had mentioned the settlement earlier in the year, and noted how a seemingly little breach (only e-mail addresses were exposed after all) would cost TD Ameritrade something like $8 million, taking into account some assumptions.
Now, the same judge--having gone over the actual settlement language?--has decided that it doesn't do much for the actual plaintiffs.
For example, the three main "benefits" of the settlement are:
1. Hiring a company to test TD Ameritrade's security
2. Checking for identity theft related to the company's data breach
3. One year of anti-spam service to victims
It doesn't take an expert to see that only that last one would be of true benefit to victims. The first, for example, doesn't benefit victims at all, unless one argues that it will lead to better security overall, and its effects trickle down to victims--if they choose to remain with TD Ameritrade.
Plus, spam is like an unending river: it's not going to stop after one year, so I doubt the third one is of great benefit if you consider the long term.
I found the following to be of interest: supposedly, insurance would have covered most of the costs of the proposed settlement. Seeing how the anti-spam service would have constituted the majority of the costs (at least, I assume so. With 6.2 million affected, the numbers definitely lean towards it), I take it to mean that some insurance company would be paying for it.
I find this interesting because I think it is the first time I've come across a company that has referred to insurance covering a data breach.
Such insurance products have been around for some time (they were beginning to really take off a couple of years back, when identity theft and data breaches were really beginning to come into the national consciousness), but any news related to them dropped off the radar soon after.
Insurance cannot protect data, obviously (by definition, insurance getting involved means data protection was nullified). But, it could very well be part of a company's data security arsenal, just like encryption software from AlertBoot. After all, data security can never be 100% effective, so if you're smart, you would have some type of backup plan.
Related Articles and Sites:
http://www.databreaches.net/?p=7991
http://cbs13.com/wireapnewsca/Judge.rejects.TD.2.1271078.html
http://www.chicagotribune.com/business/sns-ap-us-broker-data-theft,0,6059556.story