The latest in a series of class action suits was filed against Scottrade in a Florida court late last week claiming that the financial brokerage failed to take appropriate measures to protect its customers' personal information that could have prevented a data breach that exposed the personal information of millions of customers.
This suit, which has Florida resident Angela Lynn Martin named as the primary plaintiff, was brought before the Circuit Court of the Sixth Judicial Circuit in and for Pasco County, Florida. The exact amount that is being sought is not yet known, but according to court documents it will be in excess of $15,000.
The plaintiff's lead attorney Tim Blood, of Dogali Law, estimated to SC Media that the number of people included in this class-action suit to be about 300,000. Overall, about 4.6 million Scottrade customers were affected by the data breach. Class action suits based on this breach also have been filed in Missouri and California.
When Scottrade began notifying its customers of the breach it offered to pay for one year of credit monitoring through AllClear ID to include a $1 million identity theft insurance policy, which Martin's lawyer said in the legal documents, “does not provide comprehensive protection to the affected customers.”
The plaintiffs also claim in the suite that Scottrade did not notify those affected as quickly as possible, pointing out that the FBI told Scottrade of the hack on about September 25, 2015, but the company waited a week before sending out any notices informing them of the breach.
The court documents state that between September 2013 to February 2014 hackers were able to access and export its customer's personally identifiable information. Specifically, it is stated that Martins' information was taken and used by unauthorized individuals causing her financial harm.
Martins' lawyers are arguing that Scottrade did not enact strict enough cybersecurity protocols to protect her and the other plaintiff's data as the company was contractually obligated.
The court documents noted that the Scottrade hack took place when one hacker provided another with a single account login, which that person was then able to use to gain access to Scottrade's entire network.
“Once inside Scottrade's networks, the hackers had the ability to move from application to application until they found the sensitive data they desired. The hackers too the PII for the purposes of building their own customer database for marketing and brokering stock transactions,” the court documents stated.
The end result of the scheme was to use the Scottrade customer data as part of a stock manipulation scheme that netted the hackers millions of dollars.
In other Scottrade news, Scottrade Bank publicly confirmed that the personal information of 20,000 customers was inadvertently left open to the public when a third-party vendor uploaded a file to a server without putting the proper security protocols in place.
Scottrade has not responded to a request by SC Media to respond for this story.