On October 16, Connecticut Attorney General George Jepsen announced that TD Bank, N.A. agreed to pay $850,000 to resolve claims involving a 2012 data breach in which nine unencrypted backup tapes containing the personal information of more than 260,000 customers were missing. Nine state attorneys general – from Connecticut, Florida, Maine, Maryland, New Jersey, New York, North Carolina, Pennsylvania and Vermont – signed on to the settlement following a year-and-a-half-long investigation of TD Bank’s security policies and procedures. The bank properly notified the affected customers and offered free credit monitoring services.
In addition to paying $850,000, TD Bank agreed:
- To comply with state’s data breach notification laws in the future;
- To maintain “reasonable security policies and procedures;”
- To encrypt any backup tapes being transported off the bank’s premises;
- To periodically review its policies with respect to the collection, storage, and transfer of personal information; and
- To train employees on data privacy and security procedures.