Nebraska: New settlement offered in TD Ameritrade data theft

By Josh Funk

AP Business Writer

OMAHA, Neb. (AP) -- Millions of current and former TD Ameritrade customers whose contact information may have been stolen more than three years ago will be eligible to receive as much as $2,500 under a new proposed settlement agreement.

But it's not clear how many of the 6.2 million TD Ameritrade customers affected will be able to collect anything under the proposed settlement outlined in court documents filed Monday, because the payments will only be offered to identity-theft victims. And most of the payments, which would range between $50 and $2,500 per person, will likely be less than the maximum.

A federal judge who rejected an earlier settlement agreement also must approve the deal.

The new proposed settlement, which is the second attempt at resolving the lawsuit, will cost Ameritrade between $2.5 million and $6.5 million. If claims worth more than $6.5 million are submitted, the payments to individuals and the plaintiffs' lawyers will be reduced.

The Omaha-based company disclosed the breach in September 2007. Anyone who held an Ameritrade account or provided an e-mail address to the company before then could have been affected by the data theft.

Ameritrade spokeswoman Kristin Petrick said the company believes the settlement is fair and hopes the judge will approve the deal.

The plaintiffs said in the lawsuit that they received unwanted stock e-mail ads. The ads appeared to be designed to manipulate the value of thinly traded stocks.

Last year, U.S. District Judge Vaughn Walker in San Francisco rejected an earlier class-action settlement because it didn't do enough to benefit the Ameritrade customers affected. A hearing on the new settlement is scheduled for Dec. 23.

The initial settlement that was rejected offered customers only anti-spam software and a promise of tighter security at TD Ameritrade. Under that deal, the plaintiffs' lawyers were set to receive nearly $1.9 million in legal fees.

The new settlement will provide cash payments between $50 and $2,500 to affected Ameritrade customers who suffered identity theft and submit a claim. The amount people will receive would be determined by the extent of the identity theft they experienced.

Plaintiffs' attorney Gretchen Nelson said it's difficult to prove an identity theft was caused by a particular data breach, so the settlement is designed to allow for that.

Ameritrade's Petrick said customers won't have to prove their identity theft problems were related to the data theft. As long as people can show they were Ameritrade customers and suffered identity theft from an unknown cause, they will be able to submit a claim for payment.

Customers who only received unwanted stock e-mail would not be eligible for any compensation under the new settlement.

Under the new settlement, attorneys' fees are capped at $500,000.

If the claims submitted and attorneys' fees in the settlement add up to less than $2.5 million, Ameritrade will donate any remaining money up to $2.5 million to nonprofit groups concerned about privacy rights, such as the Electronic Privacy Information Center.

The total cost of the new settlement is limited to $6.5 million, and Petrick said it will not have a material impact on Ameritrade's earnings. The deal also calls for Ameritrade to hire an independent expert to evaluate its information technology security measures.

TD Ameritrade revealed the data theft in September 2007, but company officials have not discussed many details of the breach.

The company did store sensitive information, including Social Security numbers and account numbers, in the database that was hacked. But officials have said that information does not appear to have been taken.

TD Ameritrade officials have said they were confident the company had identified how the information was stolen and had changed its computer code enough to prevent the theft from recurring.

The company has said other Ameritrade databases, where information such as passwords, user IDs and personal identification numbers are kept, were not violated.

Published: Thu, Nov 18, 2010