On October 16, Connecticut Attorney General George Jepsen announced that TD Bank, N.A. agreed to pay $850,000 to resolve claims involving a 2012 data breach in which nine unencrypted backup tapes containing the personal information of more than 260,000 customers were missing.  Nine state attorneys general – from Connecticut, Florida, Maine, Maryland, New Jersey, New York, North Carolina, Pennsylvania and Vermont – signed on to the settlement following a year-and-a-half-long investigation of TD Bank’s security policies and procedures.  The bank properly notified the affected customers and offered free credit monitoring services. 

In addition to paying $850,000, TD Bank agreed:

  • To comply with state’s data breach notification laws in the future;
  • To maintain “reasonable security policies and procedures;”
  • To encrypt any backup tapes being transported off the bank’s premises;
  • To periodically review its policies with respect to the collection, storage, and transfer of personal information; and
  • To train employees on data privacy and security procedures.