Monday, December 14, 2009
Settlement OK’d over hacking into financial firm
Settlement OK’d over hacking into financial firm
StoryDiscussionCLAIR JOHNSON Of The Gazette Staff | Posted: Thursday, November 12, 2009 9:30 pm | Loading…
Font Size:Default font sizeLarger font sizeA federal judge approved a settlement Thursday in a class action lawsuit against D.A. Davidson & Co. over clients’ information that was compromised by a computer hacker almost two years ago.
Chief U.S. District Judge Richard Cebull called the agreement “fair and reasonable.”
The settlement could affect 226,000 current and former customers; about 90,000 of them are Montana residents.
The civil settlement makes available $1 million to class members for reimbursement if they suffer losses through identity theft. The agreement also gives class members until June 2011 to file a claim for losses.
“This case was about peace of mind,” said John Heenan, a Billings attorney who represented the plaintiffs. Now investors know money is available if they have expenses or losses, he said.
D.A. Davidson’s attorney, Jim Goetz of Bozeman, said the company is pleased with the agreement. The company took immediate steps to protect its customers after learning of the security breach by providing on its own two years of credit protection monitoring, he said. So far, there has been no evidence of losses from identity theft. “This is insurance just in case,” Goetz said.
On Dec. 20, 2007, a D.A. Davidson database of confidential personal and financial information of current and former clients was hacked using sophisticated techniques. The company learned of the problem on Jan. 16, 2008, immediately contacted law enforcement and other regulators and hired a forensic security consultant to investigate. The hacker did not gain access to the company’s operating systems or account information, and no trading accounts were affected.
The settlement is the result of more than a year of negotiations between parties after lawsuits were filed.
The parties reached a preliminary agreement in August. A few class members objected to the proposed settlement, but only one of the objections was determined to be substantial. In a mediation session on Tuesday before U.S. Magistrate Judge Carolyn Ostby, the problems were resolved. At the request of the plaintiffs, the deadline for filing a claim was extended.
Meanwhile, a criminal investigation into the hacking of Davidson’s computer files appears to have borne fruit. Investigators followed a trail that led to the arrest of three Latvians in the Netherlands. The suspects allegedly were to pick up money from the company in an extortion plot in which D.A. Davidson initially was advised to send the money to Russia.
The three Latvian suspects were extradited from the Netherlands and arrived in the United States on Oct. 22. Aleksandrs Hoholko, 29, Jevgenijs Kuzmenko, 25, and Vitalijs Drozdovs, 33, pleaded not guilty during an arraignment in Great Falls on Oct. 26.
A fourth “John Doe” defendant, identified as Robert Borko, has not appeared on charges.
Prosecutors allege that it was the fourth defendant who hacked into D.A. Davidson’s computer system and downloaded more than 300,000 client files.
He then sent the company an e-mail advising that their clients’ financial information had been compromised and attached 20,000 account records to prove his claim. In more e-mails, the hacker suggested that the company may want to keep the breach confidential, identified himself as a information technology security consultant and agreed to delete all the stolen information and identify security weaknesses.
Hoholko allegedly picked up or attempted to pick up money wired to the Netherlands from Montana, transactions that were confirmed by the alleged hacker in more e-mails to D.A. Davidson.
The five-count indictment charges conspiracy, extortion, fraud, obtaining financial records through unauthorized access to computers and threatening communications and receipt of extortion proceeds. The defendants face a maximum 20 years in prison and a maximum $250,000 fine if convicted.
StoryDiscussionCLAIR JOHNSON Of The Gazette Staff | Posted: Thursday, November 12, 2009 9:30 pm | Loading…
Font Size:Default font sizeLarger font sizeA federal judge approved a settlement Thursday in a class action lawsuit against D.A. Davidson & Co. over clients’ information that was compromised by a computer hacker almost two years ago.
Chief U.S. District Judge Richard Cebull called the agreement “fair and reasonable.”
The settlement could affect 226,000 current and former customers; about 90,000 of them are Montana residents.
The civil settlement makes available $1 million to class members for reimbursement if they suffer losses through identity theft. The agreement also gives class members until June 2011 to file a claim for losses.
“This case was about peace of mind,” said John Heenan, a Billings attorney who represented the plaintiffs. Now investors know money is available if they have expenses or losses, he said.
D.A. Davidson’s attorney, Jim Goetz of Bozeman, said the company is pleased with the agreement. The company took immediate steps to protect its customers after learning of the security breach by providing on its own two years of credit protection monitoring, he said. So far, there has been no evidence of losses from identity theft. “This is insurance just in case,” Goetz said.
On Dec. 20, 2007, a D.A. Davidson database of confidential personal and financial information of current and former clients was hacked using sophisticated techniques. The company learned of the problem on Jan. 16, 2008, immediately contacted law enforcement and other regulators and hired a forensic security consultant to investigate. The hacker did not gain access to the company’s operating systems or account information, and no trading accounts were affected.
The settlement is the result of more than a year of negotiations between parties after lawsuits were filed.
The parties reached a preliminary agreement in August. A few class members objected to the proposed settlement, but only one of the objections was determined to be substantial. In a mediation session on Tuesday before U.S. Magistrate Judge Carolyn Ostby, the problems were resolved. At the request of the plaintiffs, the deadline for filing a claim was extended.
Meanwhile, a criminal investigation into the hacking of Davidson’s computer files appears to have borne fruit. Investigators followed a trail that led to the arrest of three Latvians in the Netherlands. The suspects allegedly were to pick up money from the company in an extortion plot in which D.A. Davidson initially was advised to send the money to Russia.
The three Latvian suspects were extradited from the Netherlands and arrived in the United States on Oct. 22. Aleksandrs Hoholko, 29, Jevgenijs Kuzmenko, 25, and Vitalijs Drozdovs, 33, pleaded not guilty during an arraignment in Great Falls on Oct. 26.
A fourth “John Doe” defendant, identified as Robert Borko, has not appeared on charges.
Prosecutors allege that it was the fourth defendant who hacked into D.A. Davidson’s computer system and downloaded more than 300,000 client files.
He then sent the company an e-mail advising that their clients’ financial information had been compromised and attached 20,000 account records to prove his claim. In more e-mails, the hacker suggested that the company may want to keep the breach confidential, identified himself as a information technology security consultant and agreed to delete all the stolen information and identify security weaknesses.
Hoholko allegedly picked up or attempted to pick up money wired to the Netherlands from Montana, transactions that were confirmed by the alleged hacker in more e-mails to D.A. Davidson.
The five-count indictment charges conspiracy, extortion, fraud, obtaining financial records through unauthorized access to computers and threatening communications and receipt of extortion proceeds. The defendants face a maximum 20 years in prison and a maximum $250,000 fine if convicted.
# posted by raveneye @ 11:11 AM 
