Settlement OK’d over hacking into financial firm

[Jake Kouns <jkouns () opensecurityfoundation org>]

Settlement OK’d over hacking into financial firm
http://billingsgazette.com/news/local/crime-and-courts/article_6341f994-d00d-11de-bfda-001cc4c03286.html

A federal judge approved a settlement Thursday in a class action
lawsuit against D.A. Davidson & Co. over clients’ information that was
compromised by a computer hacker almost two years ago.

Chief U.S. District Judge Richard Cebull called the agreement “fair
and reasonable.”

The settlement could affect 226,000 current and former customers;
about 90,000 of them are Montana residents.

The civil settlement makes available $1 million to class members for
reimbursement if they suffer losses through identity theft. The
agreement also gives class members until June 2011 to file a claim for
losses.

“This case was about peace of mind,” said John Heenan, a Billings
attorney who represented the plaintiffs. Now investors know money is
available if they have expenses or losses, he said.

D.A. Davidson’s attorney, Jim Goetz of Bozeman, said the company is
pleased with the agreement. The company took immediate steps to
protect its customers after learning of the security breach by
providing on its own two years of credit protection monitoring, he
said. So far, there has been no evidence of losses from identity
theft. “This is insurance just in case,” Goetz said.

On Dec. 20, 2007, a D.A. Davidson database of confidential personal
and financial information of current and former clients was hacked
using sophisticated techniques. The company learned of the problem on
Jan. 16, 2008, immediately contacted law enforcement and other
regulators and hired a forensic security consultant to investigate.
The hacker did not gain access to the company’s operating systems or
account information, and no trading accounts were affected.

The settlement is the result of more than a year of negotiations
between parties after lawsuits were filed.

The parties reached a preliminary agreement in August. A few class
members objected to the proposed settlement, but only one of the
objections was determined to be substantial. In a mediation session on
Tuesday before U.S. Magistrate Judge Carolyn Ostby, the problems were
resolved.  At the request of the plaintiffs, the deadline for filing a
claim was extended.

[..]

Reference:
http://datalossdb.org/incidents/899-hacked-database-contains-names-social-security-numbers-and-account-information-for-226-000
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php