TD Bank Settles Inquiry into 2012 Data Breach

Register now

TD Bank will pay $850,000 as part of a multistate settlement related to a 2012 data breach, New York State Attorney General Eric Schneiderman said Wednesday.

The March 2012 breach led to personal information of more than 260,000 customers being compromised, according to a press release issued by Schneiderman's office. Schneiderman was one of nine state AGs that investigated breach. New York received just over $114,000 under the settlement.

The breach stemmed from the loss of backup tapes that contained eight to 10 years of unencrypted personal customer data, including account information and social security numbers. The settlement comes amid growing alarm over cybersecurity measures at large banks, highlighted by the massive recent cyber-attack at JPMorgan Chase.

"Consumers expect financial institutions to protect their personal information, and this settlement will help reform the policies and procedures that allowed this breach to happen," Schneiderman said in the release."There has to be one set of rules for everyone, and that includes the big banks and financial institutions entrusted with protecting the sensitive personal information of customers."

As part of the settlement, the press release said, TD Bank is implementing "reasonable security policies" to protect personal customer information and said it will notify customers of any future breaches in a "timely manner." TD Bank has also agreed to review on a biannual basis its policies related to data collection as well as the storage and transfer of policies, storage and transfer of personal customer information.

A spokesperson for TD Bank said the bank has not found any "unusual incidents of fraud" as a result of the breach, and that the institution has upgraded its cybersecurity controls since the incident.

"Prior to the settlements with the Attorneys General, TD Bank made additional upgrades to its processes to continuously enhance the security of our customer's information," said Rebecca Acevedo, vice president for corporate communications, in an emailed statement. "This agreement highlights our efforts to evolve our security controls to further benefit our customers."

For reprint and licensing requests for this article, click here.
Law and regulation