Ameritrade Hack Settlement: $2 Per Victim, $1.8 Million for Lawyers

Submitted by MacRonin on July 12, 2008 - 10:07pm

Ameritrade Hack Settlement: $2 Per Victim, $1.8 Million for Lawyers - Via Threat Level:

A proposed agreement to settle a class action lawsuit to compensate as many as 6.3 million TD Ameritrade customers whose data was stolen by hackers would cost the Nebraska online brokerage firm less than $2 per victim and at least $1.8 million in fees to the attorneys who brokered the deal, according to an analysis of federal court documents filed Friday.

"The settlement provides the class members with fair, reasonable and adequate compensation for their claims," wrote lead counsel for the plaintiffs, Scott Kamber of KamberEdelson in New York.

Kamber, in a court filing (.pdf) in San Francisco federal court on Friday, is requesting $1,360 an hour -- $1.8 million and counting for time worked by him and others in his and other firms for bringing the case and negotiating a proposed settlement to the breach-of-privacy class action.

The court filings came in response to a request by U.S. District Judge Vaughn Walker, who last month scuttled the proposed settlement agreement. Walker wanted an hourly accounting of the proposed legal fees, which are not unusually high by class action standards.

Most important, Walker was concerned the settlement agreement might not provide any real benefits to the customers whose data was stolen.

The data theft, disclosed in September, gave hackers access to customer names, phone numbers, e-mail accounts and home addresses. There is "no evidence" Social Security or account information was compromised, according to Ameritrade. According to the settlement, there is no "evidence of identity theft." Customers fell victim, however, to spam attacks.

The settlement agreement, while also demanding heightened data security, does not spell out whether lax security was cause for the breach. ID Analytics, a company specializing in identifying organized identity theft, and has been retained by Ameritrade to monitor security. The deal also demands that Ameritrade assist victims of identity theft at rewinding their financial mess.

A central element to the agreement is a provision giving affected customers a one-year subscription to spam-blocking software. The Trend Micro Internet Security Pro retails for about $70. TD Ameritrade said it struck a deal with Trend Micro to service the settlement agreement for about $6 million, the parties told Walker in court briefs on Friday. A solution for those using Apple computers was added to the deal.

In all, lawyers in the case said Ameritrade is likely to spend $10 million on the deal. With attorney's fees, the deal is expected to run the Nebraska company $12 million, or about $2 for every affected customer covered by the lawsuit.

"It is my understanding from information and belief that TD Ameritrade's cost associated with this settlement are well in excess of the $6 million paid to Trend Micro," Kamber wrote Judge Walker. "Considering an undisclosed cost of ID Analytics as well as costs to comply with enhanced security, I believe the total costs of this settlement will approach $10 million."

In an unusual twist, lead plaintiff Matthew Elvey, an IT computer consultant who signed the agreement, now says it's not good for customers and that he was "threatened" by his lawyers into signing it. Kamber wrote (.pdf) Walker, saying such a statement was a "meritless accusation."

Elvey, in a telephone interview, said Kamber's declaration was "chock full of half-truths and outright lies."

No arrests have been reported in the Ameritrade breach.

See Also:


(Read Original Article - Via Threat Level.)

Bookmark/Search this post with: