TD Bank Pays $625,000 in Mass. Data Breach Settlement
Bank executives need to understand these basics of vulnerability and accountability when it comes to the security of electronic networks or they could quickly lose their jobs.December 2
Recent speeches by Benjamin Lawsky and other regulators suggest that government officials are gearing up to issue new cybersecurity rules. Banks' relationships with third-party vendors are one likely area of focus.November 26
Regulators are urging senior bank management to spearhead the effort to improve cyber risk management. Executives would be well advised to act before fines and other enforcement actions are handed down.November 25
TD Bank has settled with the state of Massachusetts after a data breach exposed the personal information of as many as 260,000 customers.
The settlement of $625,000 is separate from similar deals made with other states over the breach. The bank allegedly lost unencrypted backup tapes containing customer information in March 2012 but only went public with the loss in October of that year, after an internal investigation.
Martha Coakley, Massachusetts' state attorney general, brought suit against the company for violation of a state law requiring notification of data breaches and failed to adequately protect the information.
"Businesses are required to secure the sensitive information that consumers entrust to them, and cannot subject consumers to unnecessary risk by failing to provide prompt notice when that information is compromised or lost," Attorney General Coakley said in a released statement.
The actual agreed-upon settlement amount is $825,000, but the attorney general's office credited TD Bank with $200,000 in security upgrades. The American wing of the Canadian bank will pay $325,000 in civil penalties, $75,000 in attorney's fees, and $225,000 to a fund the attorney general's office uses for consumer education.