I will make them talk. A, B, C, and D (not their real names) are all current or former members of TD Ameritrade’s InfoSec group.
Over a month ago, I filed and served a legal subpoena for their emails about the breach. I also subpoenaed all the reports by internal staff and involved outside firms, which include ID Analytics, Mandiant and Protiviti, regarding the breach, which I understand will cover at least five security audits related to investigating the breach.
But TD Ameritrade has refused to honor the subpoena – AT ALL.
The other things I subpoenaed were:
C) A copy of the circa September 18, 2007 deposition of the former TD Ameritrade CSO (Chief Security Officer) regarding this breach.
D) TD Ameritrade stated on September 15, 2008, “We know specifically when the breaches began.” We request a copy of a document disclosing that date.
E) A copy of each Letter to the Audit Committee and Letter to the Audit Committee Chairman from the company’s auditors from 2005 to 2010, inclusive. Discusson of deficiencies that could have no impact on customers could be redacted.