BreachExchange mailing list archives

Legal Sub-Project - Elvey v. TD Ameritrade


From: David Shettler <dave () opensecurityfoundation org>
Date: Sun, 14 Jun 2009 12:45:08 -0400

The below linked blog post highlights an initial feature of our proposed legal
sub-project; the legal document viewer.  The document viewer allows
linking to specific paragraphs of an uploaded legal document.  For
transcripts, it also parses and colorizes the parties, making the
transcripts significantly easier to follow.

The document viewer is the only feature currently implemented of the
legal sub-project.  We’re looking for folks to help us shape the rest
of the project, including defining the scope of the project,
determining the data that should be extracted from court cases (case
status, settlement data, grounds for the case, dismissal reason,
etc.), defining how data will be gathered and entered, and more.

This sort of data could bring an entirely new dimension to DataLossDB,
and to the various industries that utilize the data.  We could, for
instance, attach costs to breaches, or understand how often a class
action suit settles vs. is dismissed vs. is tried, etc.

If you are interested, email curators () datalossdb org

And without further ado, our editorial evaluation of Elvey v. TD
Ameritrade, an ongoing class action suit regarding their 2007 breach
of over 6 million records.

http://datalossdb.org/incident_highlights/30-legal-sub-project-elvey-v-td-ameritrade

The TD Ameritrade incident of 2007 hasn’t quite been resolved -- yet.
While the breach may have been contained, the litigation is still
ongoing. A class action suit filed in California in May of 2007 has
reached a preliminary settlement, but the settlement is contested by
the individual who filed the class in the first place and has been
through some extremely interesting twists and turns.

The case was filed in May of 2007, with a complaint that claimed that
TD Ameritrade was essentially selling email addresses of clients to
spammers, in violation of TD Ameritrade’s privacy policies and various
laws.

A motion for a preliminary injunction kicked things into gear in July
2007, which alleged that the spam was still ongoing, and demanded that
TD Ameritrade take steps to protect members of the class (TD
Ameritrade customers). The fact that the incident was still ongoing at
the time of the injunction was later confirmed in testimony, and it
would seem from interpreting the various testimonies in the case that
the breach was mitigated “on or about August 14th, 2007”.

Sometime thereafter, TD Ameritrade acknowledged that it had in fact
been "hacked", and that the hacker had access to names and email
addresses. During the disclosure (via a letter to customers), TD
Ameritrade also acknowledged that the database that had been breached
also contained Social Security numbers, but that TD Ameritrade had no
evidence that Social Security numbers had been taken. This spawned
another lawsuit: Brad Zigler v. TD Ameritrade. The complaint in this
new lawsuit went beyond the spam aspect, and brought into view the
potential compromise of Social Security numbers as well. In December
of 2007, the two cases became officially related.
[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
