TD Bank has settled with the state of Massachusetts after a data breach exposed the personal information of as many as 260,000 customers.
The settlement of $625,000 is separate from similar deals made with other states over the breach. The bank allegedly lost unencrypted backup tapes containing customer information in March 2012 but only went public with the loss in October of that year, after an internal investigation.
Martha Coakley, Massachusetts' state attorney general, brought suit against the company for violation of a state law requiring notification of data breaches and failed to adequately protect the information.
"Businesses are required to secure the sensitive information that consumers entrust to them, and cannot subject consumers to unnecessary risk by failing to provide prompt notice when that information is compromised or lost," Attorney General Coakley said in a released statement.
The actual agreed-upon settlement amount is $825,000, but the attorney general's office credited TD Bank with $200,000 in security upgrades. The American wing of the Canadian bank will pay $325,000 in civil penalties, $75,000 in attorney's fees, and $225,000 to a fund the attorney general's office uses for consumer education.