Word comes this afternoon that a federal judge has rejected a class-action lawsuit settlement that would have seen TD Ameritrade escape with less than a wrist slap in an egregious data-breach case that touched as many as six million customers and calls for at least a public flogging.

According to Associated Press:

A federal judge has refused to approve a settlement over contact information stolen from online brokerage TD Ameritrade Holding Corp. U.S. District Judge Vaughn Walker in San Francisco says the deal offers little significant benefit to the more than 6 million current and former customers affected. Walker rejected the deal despite giving it preliminary approval earlier this year.

As we first reported here on Buzzblog more than two years ago, TD Ameritrade received repeated warnings from IT security experts that it had been victimized by hackers and that personally identifiable information of its customers had been comprised.

A subsequent class-action lawsuit, spearheaded by computer consultant Matthew Elvey, was settled out of court by attorneys for both sides -- an agreement Elvey rejected and data-breach experts criticized as sending the wrong message because it offered no real compensation. Judge Walker this past summer agreed to reconsider the settlement, a decision that paved the way for today's news.

Public Citizen, which backed Elvey, issued this statement today:

The company's offer to provide its clients with a one-year subscription to anti-spam software would do nothing to protect customers from identity theft and would be useless to those who already have anti-spam software or could obtain similar protection for free.

Regardless of what compensation Ameritrade offers, the company promised little to prevent a future breach or to reassure customers who had been complaining for almost two years that their private account information was being stolen from the company, said Greg Beck, the Public Citizen attorney who is representing Elvey, along with California attorney Mark A. Chavez of Chavez & Gertler.

"The court recognized that the settlement benefits Ameritrade more than its customers," Beck said. "Ameritrade should not get off the hook for its massive security breach until it comes clean with its clients and shows it has fixed the problem."

Whether that happens remains to be seen, but at least the judge has sent a message to TD Ameritrade indicating it must do more to make amends.