TD Bank will have to pay steep penalties and reform its data security policies following a 2012 breach that exposed over 260,000 customers’ personal information.  In addition to paying a $850,000 penalty, TD Bank has agreed that it will no longer transport unencrypted backup tapes and will implement other security measures such as employee training and a biannual review of its practices regarding the collection, storage, and transfer of consumers' personal information.  TD Bank will also have to notify residents of the affected states in a timely manner of any future breaches or unauthorized access to their personal information.