Scottrade Class Action Says Customers’ Sensitive Data Exposed in Breach

Customers hit Scottrade Inc. with a class action alleging the discount investment firm negligently allowed sensitive personal information about their customers to be vulnerable to a data breach from September of 2013 to February 2014.

Lead plaintiff Angela Lynn Martin alleges in her class action lawsuit that Scottrade opened the door to hackers with lax security measures that resulted in the compromise of 4.6 million people’s sensitive information.

In fact, notes the plaintiff, Scottrade was unaware of the data breach until the Federal Bureau of Investigation told the company they had been compromised. Martin also alleges that, as a result of the hacking, millions of dollars were lost.

“Scottrade owed a legal duty to plaintiff and the other class members to maintain reasonable and adequate security measures to secure, protect, and safeguard the personal information stored on its network,” the Scottrade class action lawsuit states. “Scottrade breached that duty by failing to design and implement appropriate firewalls and computer systems, failing to properly and adequately encrypt data, and unnecessarily storing and retaining plaintiff’s and the other class members’ personal information on its inadequately protected network.”

The class action lawsuit points out that Scottrade requires users to disclose a great deal of sensitive information, including credit history and employment information to engage in trading with the discount brokerage. Scottrade does this with the pledge to use leading security technologies to protect its customers’ sensitive information, says the complaint; however, Scottrade’s security technology was allegedly inadequate.

Martin claims Scottrade has a history of data breaches and should have been aware that their security system was lacking. Scottrade, says the plaintiff in her class action, was hacked and the information was used to make fraudulent trades. As a result, Scottrade was fined by government regulators for an insufficient security system.

In the class action, the plaintiff alleges that a hacker had called Scottrade “a simple hit” and the company failed to update its security system adequately after the last data breach. Martin claims that in the months-long undetected hacking, third parties were able to amass millions of dollars off of price manipulations and other scams using stolen information from Scottrade customers.

According to the class action, Scottrade’s offer of a year’s worth of credit monitoring and identity theft insurance did not adequately address the threat posed by the data breach. The plaintiff alleges that since the hack took place years earlier and occurred over such a long period of time, credit monitoring and identity theft protection would not be enough. The plaintiff also claims that the notice provided by Scottrade the following year after the data breach was misleading.

The plaintiff seeks to represent a Class of Florida residents whose private information was accessed during the data breach.

The class action plaintiff had brought her claims in Florida state court several years ago. Those claims were removed to federal court, consolidated with other cases and eventually dismissed. The plaintiffs in those cases appealed to the Eight Circuit Court, but the plaintiff in the present class action has chosen to file in Florida  federal court again.

Martin is represented by the Dogali Law Group PA, Blood Hurst & O’Reardon LLP, Siprut PC, Cohelan Khoury & Singer and Spreter Law Firm APC.

The Scottrade Data Breach Class Action Lawsuit is Angela Lynn Martin v. Scottrade Inc., Case No. 8:17-cv-01042, in the U.S. District Court for the Middle District of Florida.