TD Bank, N.A. has agreed to a settlement that resolves a nine-state investigation into a 2012 data breach that compromised 1.4 million files. The $850,000 settlement requires the bank to reform its practices to help ensure that future loss of personal information doesn’t occur.
"Consumers expect financial institutions to protect their personal information, and this settlement will help reform the policies and procedures that allowed this breach to happen,” said New York Attorney General Eric T. Schneiderman. “There has to be one set of rules for everyone, and that includes the big banks and financial institutions entrusted with protecting the sensitive personal information of customers.”
In 2012, TD Bank reported the loss of unencrypted backup tapes in Massachusetts. The tapes contained 1.4 million files and 1,800 different file types that had been accumulated over a period of eight to 10 years. In total, the files contained personal information for 260,000 TD Bank customers nationwide.
The agreement requires TD Bank notify state residents of any future security breaches or other acquisitions of personal information a timely manner.
TD Bank also agreed to maintain security policies to protect personal information. The agreement ensures that no backup tapes will be transported unless they are encrypted and all security protocols are followed.
TD Bank will review their existing policies on the collection, storage, and transfer of consumers’ personal information twice a year and make changes to better protect the information. TD Bank will also provide further training for its employees.
The nine states that investigated the TD Bank breach are Connecticut, Florida, Maine, Maryland, New Jersey, North Carolina, Pennsylvania, and Vermont.
