TD Ameritrade Holding - 2007

One of TD Ameritrade's databases was hacked and contact information for its more than 6.3 million customers was stolen. A spokeswoman for the Omaha-based company said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken. "We were able to conclude that while Social Security numbers are stored in this particular database, your SSN were not retrieved." The company said names, e-mail addresses, phone numbers, and home addresses were taken in the data breach. Company customers received unwanted spam because of this breach.UPDATE (4/28/09):TD Ameritrade sent a mass email on September 14, 2007 to its customers admitting SSNs had been compromised:" [W]e recently discovered and eliminated unauthorized code from our systems. This code allowed certain client information stored in one of our databases ... to be retrieved by an external source [and] Social Security Numbers are stored in this particular database."UPDATE (10/27/09): TD Ameritrade was nearing a settlement in the case of more than six million stolen records when the judge, who previously seemed to agree with the proposal, rejected it today. The federal judge handling the case has decided the proposed settlement provides no discernible benefit to the victims and he rejected the proposed settlement.UPDATE (11/16/10): Pending approval by a U.S. District Judge, TD Ameritrade will offer between $0 and $2,500 to customers who were affected by the breach.  Customers who received spam, or were victims of criminal identity theft because a criminal who was arrested posed as them, will get $0 unless they were also victims of account-fraud-based identity theft. This settlement will cost between $2,500,000 and $6,500,000. UPDATE (10/07/2011): The settlement was approved.  Ameritrade will pay between $2,500,000 and $6,500,000.