I will make them talk. A, B, C, and D (not their real names) are all current or former members of TD Ameritrade’s InfoSec group.

Over a month ago, I filed and served a legal subpoena for their emails about the breach.  I also subpoenaed all the reports by internal staff and involved outside firms, which include ID Analytics, Mandiant and Protiviti, regarding the breach, which I understand will cover at least five security audits related to investigating the breach.

But TD Ameritrade has refused to honor the subpoena – AT ALL.

The other things I subpoenaed were:

C) A copy of the circa September 18, 2007 deposition of the former TD Ameritrade CSO (Chief Security Officer) regarding this breach.

D) TD Ameritrade stated on September 15, 2008, “We know specifically when the breaches began.” We request a copy of a document disclosing that date.

E) A copy of each Letter to the Audit Committee and Letter to the Audit Committee Chairman from the company’s auditors from 2005 to 2010, inclusive. Discussion of deficiencies that could have no impact on customers could be redacted.

I called the Claims Administrator yesterday, at 1-888-749-8173. The firm is well known in its field: Rosenthal & Co, which is part of Computershare. What a fiasco!

Warning: DO NOT USE the information (more…)

NEW: You can review and comment on the key documents, which I’ve posted in editable wiki form at http://caringaboutsecurity.wikispaces.com! Cool, huh? (I’ve not posted the less important documents to the wiki. Just exhibits A, F, and G for now.) Please take a look and provide feedback.

On December 9, 2010, I filed and argued in court against the motion for preliminary approval:

Elvey_Response_to_Kreinder-TDA_offer.pdf describing our concerns.  I’d highlight them thusly:  We pushed for an effective audit.   This settlement proposal notice is misleading and poorly publicized, and so cannot be fair.  It has an audit component that to the untrained or hasty eye is meaningful compensation, but (more…)


An actual HMG IS2 Full Accreditation Statement based on an actual ITSHC – an actual security audit by Deloitte, one of the Big Four audit firms – which demonstrates the auditor’s reputation has been put on the line, as well as the legal liability shouldered by such an audit.
Author: George McLeod, National Accreditation Manager, NPIA

Judge Walker has said that the audit component primarily benefits TD Ameritrade, not the class.  Here’s why I think a good audit component substantially benefits the class.  (more…)

The proposed settlement has been thrown out!

What did I think of the decision?

What do I want to see happen?

The media is asleep on the job?

(more…)

THE SNOWJOB TD Ameritrade’s PR goons pulled is unraveling. UCAN’s Privacy Rights Clearinghouse, run by Beth Givens, has corrected its database entry for the breach. Attrition.org/datalossdb.org have corrected their entry. Both now indicate that social security numbers were compromised.

Today is the hearing on approval of the settlement –  at 10 AM (September 10th) in Courtroom 6, 17th Floor, 450 Golden Gate in San Francisco. Wish me and my Allied Forces luck.   I expect several parties will/won’t speak: (more…)

Thank Yous are due to many folks who helped me in this mission. (more…)