September 23, 2019

September 23, 2019

Subscribe to Latest Legal News and Analysis

September 20, 2019

Subscribe to Latest Legal News and Analysis

Strike Suit Offers Conjectures, And Little More, About Scottrade Data Breach

As reported on Friday in the Krebs on Security blog, online broker Scottrade had sent an e-mail to customers earlier that day stating that it recently had learned from law enforcement officials that Scottrade was one of a number of financial services companies that had been victimized by data thieves.  That very same day saw the first class action complaint arising from the breach was filed in federal court in San Diego.  Given the haste of the filing, the complaint unsurprisingly offers little more than conjecture about what took place.  Plaintiff’s allegations parrot facts reported by Brian Krebs – that the breach was detected by government investigators, did not compromise or access Scottrade’s trading platform, and appeared only to have resulted in the theft of names and addresses, despite hackers apparently having access to customers’ Social Security Numbers.  Thus, even though it was unclear whether Social Security Numbers had been stolen, Scottrade offered free credit monitoring to affected customers.  Beyond alleging that the breach occurred and that Scottrade’s credit monitoring offer provided inadequate relief, the complaint has nothing specific to say about the breach.  Instead, it speculates that Scottrade might have been targeted by the same hackers who stole data from J.P. Morgan in 2014 – itself an event discussed in the Krebs report on the Scottrade breach.  Plaintiff flatly alleges that Scottrade breached the industry standard of care in allowing the breach to occur, but does not allege precisely how Scottrade failed to do so.

The threadbare complaint against Scottrade illustrates the pitfalls of trying to be a “first mover” whenever a data breach occurs.  Until more is known about how the breach occurred and how, if at all, it affected Scottrade customers, it will not be possible to allege a plausible theory under which Scottrade may be held responsible for the breach.

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

Kevin McGinty, Corporate, Class Action, Attorney, Mintz Levin, Law Firm
Member

Kevin concentrates in complex corporate and class action litigation. He chairs the firm's Class Action Working Group and has extensive experience defending consumer, antitrust, unfair trade practice, contract, mass tort, and employment class actions.

He has also represented corporations, professionals, and individuals in business acquisition disputes. Kevin’s clients have included health care–related entities (including pharmacies, PBMs, and managed care organizations), insurers (including life, auto, and casualty companies), retailers, manufacturers, and accounting firms. Several...

617-348-1688