TD Ameritrade was supposed to pay its penance in court yesterday after exposing many of its customers' personal data -- and then failing to inform them -- last year. But a last-minute change of heart by the plaintiff threw a monkey wrench into the proceedings.

In an internal audit last year, TD Ameritrade found malware on an internal database that may have allowed spammers to steal names, addresses, phone numbers, and email addresses from as many as 6.3 million customers. No account data was lost, but many of the customers experienced an increase in spam as a result of the breach. (See TD Ameritrade Breach Affects 6.3M Customers.)

In a class action lawsuit, TD Ameritrade customers, led by chief plaintiff Matthew Elvey, alleged that the financial services company had failed to disclose the breach in a timely fashion, and that they are eligible for damages.

In a settlement of the suit, TD Ameritrade was prepared to offer all of the plaintiffs in the class action a free copy of Trend Micro's Internet Security Pro software, which has a $70 retail value, according to a report in Wired, which sent a reporter to the courtroom. The settlement also included a $20,000 donation to the Honeynet Project and $35,000 to the National Cyber Forensics and Training Alliance. The plaintiffs' lawyers stood to make $1.8 million.

But in a last-minute change of heart in the courtroom, Elvey said he was unhappy with the deal and had been pressured into agreeing to it. "I believed I was deceived into the terms of the settlement," Elvey told Wired outside the courtroom. "I don't think it does anything substantial." He noted that the Trend Micro software is available for free after rebate at some electronics stores.

The judge in the case has set aside the settlement until the dispute between Elvey and the lawyers can be cleared up.

— Tim Wilson, Site Editor, Dark Reading