Nine state attorneys general this week settled with TD Bank over an incident in 2012 that resulted in the loss of 1.4 million records relating to 260,000 customers of the Maine-based bank. The bank will pay $850,000 to the states involved and update its security practices.
In October 2012, TD Bank lost unencrypted backup tapes in Massachusetts and alerted the Connecticut attorney general’s office. The bank also alerted its customers and offered free credit monitoring services. According to the Maine attorney general’s office, there have been no reports of identity theft stemming from the TD data breach.
“This agreement will help prevent future breaches are prevented. Consumers have a right to know that their private financial information will be protected by the businesses that hold it. This agreement requires TD Bank to reform the policies and procedures that allowed this breach to happen,” Maine Attorney General Janet Mills said.
TD Bank will be required to notify customers of any future security breaches in a timely fashion, as well as maintain “reasonable” data security practices. For example, the bank agreed not to transport any backup tapes unless the information contained on them is fully encrypted. TD Bank will review its policies on a bi-annual basis and provide privacy protection training for its employees.
The AGs in Connecticut, Florida, Maine, Maryland, New Jersey, New York, North Carolina, Pennsylvania and Vermont collaborated on the settlement.
“Consumers expect financial institutions to protect their personal information, and this settlement will help reform the policies and procedures that allowed this breach to happen,” said New York Attorney General Eric T. Schneiderman. “There has to be one set of rules for everyone, and that includes the big banks and financial institutions entrusted with protecting the sensitive personal information of customers.”
TD Bank spokesperson Rebecca Acevedo told Advisen in an email, “Since first reporting this issue in fall 2012, TD Bank has been continually enhancing our technologies and processes to better protect the personal information of our customers. Prior to the settlements with the Attorneys General, TD Bank made additional upgrades to its processes to continuously enhance the security of our customer’s information. This agreement highlights our efforts to evolve our security controls to further benefit our customers. TD Bank has settled with the Attorneys General in an effort to resolve this issue .To date, the bank has not detected any unusual incidents of fraud related to customers who were impacted by this incident, nor has any customer reported any to us, and we continue to monitor customer accounts for fraud.”