There's a new settlement proposal that's gone public.
I've posted links on my blog.
Here's a summary:
Some class members can get cash. If you've not been an Identity Theft victim, you get $0.
If you've been an Identity Theft victim, and the only identity theft you experienced involved an Existing Credit or Debit Card Account, you may recover $50 if you correctly provide the required information described on a complicated form, and obtain and provide copies of the documentation it requires.
If you've been an Identity Theft victim, and the identity theft you experienced involved a New Account or an Existing Account other than an Existing Credit or Debit Card Account, you may recover up to $250 if you correctly provide the required information described on a complicated form, and obtain and provide copies of the documentation it requires, and may recover up to an additional $750 in out-of-pocket expenses, defined to include telephone charges, copying, postage charges or other charges incurred in closing or correcting an account that was opened or affected as a result of this kind of identity theft. (Legal fees and lost wages are not on the list, which is copied from the Agreement.) Also, if as a result, you paid money that you didn't really owe to creditors and you tried and failed to get them to waive the charges due to the ID theft, and you tried and failed to get them to refund the charges, you can apply to get up to $1500 of it back.
TD Ameritrade will retain Neohapsis, an information technology security consultancy, at TD Ameritrade's expense to assess whether TD Ameritrade has met certain information technology security standards set forth in the Settlement Agreement (Exhibit G). The standards do not require that TD Ameritrade ensure that default passwords on their servers are changed, that they perform penetration testing, or that they retain or monitor canaries placed in their user account database. If TD Ameritrade fails to meet one or more of the standards, the agreement does not require that the Evaluator perform a second assessment after TD Ameritrade is given time to correct the non-compliance.
All the benefits of the old settlement are gone:
No free year of Trend Micro Internet Security Pro.
No announcement? (Less comprehensive).
No penetration testing.
No account seeding with canaries.
No charitable donations to___; none are guaranteed.
No $2.8 million to the plaintiffs' attorneys. They get $500,000 (less any funds over $6,000,000 distributed to the class). How it's to be shared is not determined or disclosed.
No $10,000 for class representatives, like me. We get $0.
You can review and comment on the key documents, which I've posted in editable wiki form at http://caringaboutsecurity.wikispaces.com! Cool, huh? (I've not posted the less important documents to the wiki. Just exhibits A, F, and G for now.)
Please take a look and provide feedback.