Final Approval Granted to Ameritrade Data Security Breach Settlement

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

A federal district court in San Francisco has granted final approval to a settlement of class action claims against online investment broker Ameritrade, which allegedly failed to prevent a data security breach that exposed more than six million account holders’ private information to spammers and rendered the same information vulnerable to others.

Preliminary approval was granted to the settlement in December 2010 (CCH Privacy Law in Marketing ¶60,574).

Cash Payout, Attorneys’ Fees

Ameritrade agreed to pay a minimum of $2.5 million and a maximum of $6.5 million in claims. Under the settlement, class members are eligible for a cash payout in amounts ranging from $50 to $2,500, depending on the nature of the account affected by the breach and the specific loss incurred. Attorneys’ fees for class counsel were capped at $500,000.

The settlement class was defined as “All persons who are or were accountholders or prospective accountholders of the Company and who provided physical or email addresses to the Company on or before September 14, 2007.”

The weakness of the plaintiffs’ case weighed in favor of granting approval to the settlement, the court said. Federal courts had viewed private class actions involving data breaches with skepticism, particularly where the only alleged injury was the receipt of spam, increased risk of identity theft, or loss of the benefit of the bargain.

Prosecuting the case through trial and the appellate process would involve a large amount of risk and expense. In addition, obtaining and maintaining class action status during the course of litigation would pose considerable risks to the plaintiffs.

The settlement afforded tangible benefits to the plaintiffs that were not available in prior proposed settlements, which had been rejected by the court.

Objections, Opt Outs

Notice of the settlement had been sent to the attorney general’s office of each of the 50 states, and none had objected. Of the approximately six million class members who were mailed the notice of the settlement, only 23 had submitted objections and fewer than 200 chose to opt out.

Objections to the settlement were overruled by the court. There was no evidence that class members had been misled about the terms of the settlement by the claims administrator.

Even though the settlement did not provide for a payout to every conceivable accountholder who might have been affected by the breach in some way, the settlement was a reasonable compromise that balanced the possible recovery against the risks inherent in litigating further.

The decision is In re TD Ameritrade Account Holder Litigation.