TD Ameritrade settles lawsuit over major breach

A U.S. District Court judge has approved a settlement stemming from the 2007 TD Ameritrade breach that exposed the personal information of some 6.3 million customers, two years after a deal was shot down because it didn't benefit the plaintiffs enough.

The settlement, which recently received a final sign-off after being approved by a California federal judge last month, allows individuals who fell victim to identity theft to collect between $50 and $2,500, according to an Associated Press report. TD Ameritrade will pay between $2.5 million and $6.5 million under the agreement.

The Omaha, Neb.-based brokerage revealed in September 2007 that the names and contact details of its customers were exposed when hackers infiltrated a database. No Social Security numbers, account information or other sensitive information was hijacked in the attack, and the company maintains that no identity theft resulted because of the breach.

But the company decided to revise the settlement to include compensation its clients, even though the brokerage believes the incident is not responsible for any accounts that may have been compromised due to identity theft, spokeswoman Kim Hillyer told SCMagazineUS.com on Tuesday in an email.

"While we believe that theft did not occur as a result of this issue, we elected to be accommodative, rather than exclusive, in the interest of helping ease client concerns," she said.

The 2009 proposed deal would have provided one year of free anti-spam services to victims and forced TD Ameritrade to implement better security, as well as pay $1.9 million in legal fees. Some individuals had complained they received pump-and-dump stock spam after the breach, though there appeared to be no instances of identity fraud.

But a federal judge in San Francisco ruled at the time that the proposal did not provide "discernible" benefit to the plaintiffs.