NEW: You can review and comment on the key documents, which I’ve posted in editable wiki form at http://caringaboutsecurity.wikispaces.com! Cool, huh? (I’ve not posted the less important documents to the wiki. Just exhibits A, F, and G for now.) Please take a look and provide feedback.

On December 9, 2010, I filed and argued in court against the motion for preliminary approval:

Elvey_Response_to_Kreinder-TDA_offer.pdf describing our concerns.  I’d highlight them thusly:  We pushed for an effective audit.   This settlement proposal notice is misleading and poorly publicized, and so cannot be fair.  It has an audit component that to the untrained or hasty eye is meaningful compensation, but (more…)


An actual HMG IS2 Full Accreditation Statement based on an actual ITSHC – an actual security audit by Deloitte, one of the Big Four audit firms – which demonstrates the auditor’s reputation has been put on the line, as well as the legal liability shouldered by such an audit.
Author: George McLeod, National Accreditation Manager, NPIA

Judge Walker has said that the audit component primarily benefits TD Ameritrade, not the class.  Here’s why I think a good audit component substantially benefits the class.  (more…)

The proposed settlement has been thrown out!

What did I think of the decision?

What do I want to see happen?

The media is asleep on the job?

(more…)

THE SNOWJOB TD Ameritrade’s PR goons pulled is unraveling.  UCAN’s Privacy Rights Clearinghouse run by Beth Givens has corrected its database entry for the breach.  Attrition.org/datalossdb.org have corrected their entry.  Both now indicate that social security numbers were compromised.

Today is the hearing on approval of the settlement –  at 10 AM (September 10th) in Courtroom 6, 17th Floor, 450 Golden Gate in San Francisco. Wish me and my Allied Forces luck.   I expect several parties will/won’t speak: (more…)

Ted Frank writes here that

To date, there is no evidence that the spam was connected to Ameritrade, or that a breach of Ameritrade data security that released home addresses for its customers has resulted in any harm, despite Ameritrade seeding databases with dummy spam-catcher e-mail addresses, and multiple analyses of whether identity theft had occurred.

Wow.  Is this guy actually too stupid to be allowed near a computer keyboard, or is he just trying to spin things in the usual AEI way?  This guy has an impressive reality distortion field around his head.  This is totally contradicted by the complaint, and supported by the evidence filed in the case. There is, the complaint explains, ironclad proof from a large number of computer gurus that the spam was connected to TD Ameritrade, namely that the spam was sent to unique email addresses stolen from a core TD Ameritrade customer database.  A database which TD Ameritrade has admitted got broken into and plundered.  That it admitted contained the names, addresses, social security numbers, dates of birth, and account balances of its 6.3 million customers.  But Ted Frank’s ostrich-style thinking is like that of TD Ameritrade, a firm that is claiming that it’s plausible that crooks breaking into the equivalent of Fort Knox would leave the gold (the Social Security Numbers) and just take the silver (the email addresses).  That a rash of Identity Theft that began right after the breach was discovered does not constitute evidence connecting the two.

STOP znw-5#%—NO CARRIER
ABORT: -PEBCAK

Thank Yous are due to many folks who helped me in this mission. (more…)

If you have a TD Ameritrade account and use M$ Windows, you should read this Washington Post article.  Kudos to Brian Krebs; he is doing truly excellent work!

I hope to be seeking new counsel soon (i.e. new lawyers to represent me AND the class on a contingency basis). (more…)

I don’t understand why Scott Kamber, Bob Kris, and the rest at KamberEdelson and TD Ameritrade persist in attacking me, as they spent much time doing at the 9/15/08 hearing.   Their attacks to date have consisted of claims that not only are not backed up by evidence, they are actually refuted by it.

Surely, they’re too smart to not realize that persuasion only goes so far in the face of cold hard evidence. (more…)

Much is on the record now.  I just filed this brief and this declaration with the court, prepared by my new counsel.

We shred the proposed settlement.  We mention (more…)

SeekingFOUND: Heroic Whistleblower

Update (May ’10): Since early ’09, I’ve been receiving information that answers many questions about the breach.  Since notified of the breach in October ’05, TD Ameritrade launched 4 related investigations.  I know who ran each one and the detailed findings, if they come to light, will be very embarrassing to those who performed them.  All of them were apparently designed to not find anything and provide plausible deniability.  The Information Security department appeared to have ‘successfully’ failed to find what many of their customers, including several prominent ones, knew: someone was stealing massive amounts of customer PII from their computer systems.  But increasing pressure due to my lawsuit led to a fifth investigation, which found evidence of the problem.  Later investigations were also apparently designed to – and ‘successfully’ failed to – find evidence of massive identity theft due to stolen Social Security Numbers.  Those who were instrumental in these ‘successes’ were rewarded handsomely, while those who found evidence of the breach were punished severely.  I’ve updated this post to publicly provide a bit more information from the whistleblower than what I had previously disclosed.

Help!  I’m hoping a whistleblower will step up to provide additional info regarding the extent of the TD Ameritrade breach. (more…)