A U.S. District Court judge on Monday denied a proposed lawsuit settlement over the 2007 TD Ameritrade breach that exposed the personal information of some 6.3 million customers.
The Omaha, Neb.-based brokerage revealed in September 2007 that the names and contact details of its customers were exposed when hackers infiltrated a database. No Social Security numbers, account information or other sensitive information was hijacked in the attack, discovered by the company several weeks ago.
The proposed settlement, reached earlier this year, would have provided one year of free anti-spam services to victims and forced TD Ameritrade to implement better security, as well as pay $1.9 million in legal fees, according to published reports. Some individuals had complained they received pump-and-dump stock spam after the breach, though there appeared to be no instances of identity fraud.
But Judge Vaughn Walker, sitting in San Francisco, ruled that the deal did not provide "discernible" benefit to the plaintiffs, according to an Associated Press report on Monday.
A spokeswoman for the brokerage firm disagreed.
"We were disappointed with the decision, as we felt that the proposed settlement agreement was fair and reasonable and would have provided significant benefits to the members of the class," TD Ameritrade spokeswoman Kim Hillyer told SCMagazineUS.com on Monday in an email. "The ruling was not based on the merits of the plaintiffs' case or our defenses, nor did the court decide that we did anything wrong or have any liability in the case, and we are confident that the claims against us will ultimately be resolved in our favor."
She said a case conference is planned for December.
A lawyer representing the plaintiffs did not immediately respond to a request for comment.