TD Bank has agreed an $850,000 settlement with the Attorney General of New York over a data breach in 2012 that compromised the financial records of 260,000 customers nationwide.
The multi-state settlement - for which New York State will receive $114,106 - requires the bank to reform its practices to help ensure that future incidents do not occur.
"Consumers expect financial institutions to protect their personal information, and this settlement will help reform the policies and procedures that allowed this breach to happen," says Attorney General Schneiderman. "There has to be one set of rules for everyone, and that includes the big banks and financial institutions entrusted with protecting the sensitive personal information of customers."
The data breach occurred in 2012, when TD Bank reported the loss of unencrypted backup tapes in Massachusetts. The tapes contained 1.4 million files and 1,800 different file types that had been accumulated over a period of eight to ten years. In total, the files contained various personal information for 260,000 TD Bank customers nationwide, including 31,407 in New York State.
The agreement requires TD Bank to notify state residents of any future security breaches or other acquisitions of personal information and to improve its security procedures by ensuring that no backup tapes will be transported unless they are encrypted. Better training for all staff and a bi-annual review of security practices are also included in the settlement terms.