New York, NY: A data breach class action lawsuit has been filed against the discount brokerage house Scottrade Inc, alleging the company failed to take adequate action to protect its customer' data. Scottrade announced last week that between late 2013 and early 2014 approximately 4.6 million users had their personal information, possibly including their Social Security numbers, targeted in a data breach.
Filed by plaintiff Stephen Hine, the lawsuit states that Scottrade was negligent in failing to exercise reasonable security precautions and failing to comply with industry standards for storing confidential and private personal information. Further, the suit alleges Scottrade' email notification to customers affected by the breach was "woefully inadequate and vague,"given that their information might be sold on the black market or used in stock scams and other financial frauds.
Specifically, the lawsuit states, "cottrade' actions and/or omissions occurred despite prior warnings, including prior incursions of their network by third parties, who conducted fraudulent stock trades using Scottrade' customer' accounts, and even fines from government agencies concerning its system' security procedures and oversight."
The plaintiff contends that had Scottrade heeded warnings and taken necessary precautions, the data breach could have been prevented or, at a minimum, predicted it much sooner and reduced the harm to its customers.
In its announcement, Scottrade stated that those responsible for the attack appeared to have targeted names and mailing addresses, but it couldn't rule out the possibility that email addresses and other "sensitive data"had been stolen.
The lawsuit goes on to allege that many of the customers affected won't receive email notifications from Scottrade as they have changed email addresses or used a different email address. Furthermore, the emails sent are materially misleading and don't fully disclose the scope of the threat to Scottrade' customers, the lawsuit states.
"The database accessed, however, contains, among other things, Social Security numbers, email addresses and other 'sensitive data' (which is not defined in the email),"the complaint states. "It is highly unlikely that the hackers, having access to the above information, would only take the affected customer' name and email address."
According to the complaint, as a financial institution and U.S. Securities and Exchange Commission registered broker dealer, Scottrade had a "special duty"to exercise reasonable care to protect and secure the personal and financial information of its customers.
"cottrade should have known to take precaution to secure its customers' data, given its special duty, especially in light of the recent data breaches affecting numerous retailers and financial institutions, as well as from prior direct breaches of its secured networks,"the complaint states.
Hine is represented by E. Elliot Adler of Adler Law Group APC, Timothy D. Cohelan and J. Jason Hill of Cohelan Khoury & Singer, and Geoff Spreter of Spreter Legal Services APC. The case is Hine v. Scottrade Inc., case number 3:15-cv-02213, in the U.S. District Court for the Southern District of California.
