The U.S. subsidiary of TD Bank Financial Group (TSX:TD) has settled with U.S. authorities in connection with a data breach that involved 1.4 million files.
New York’s attorney general, Eric Schneiderman, announced a multi-state settlement with TD Bank, N.A. Wednesday to resolve an investigation into a data breach that affected 260,000 customers and saw 1.4 million files compromised. The US$850,000 settlement also requires the bank to reform its practices to help ensure that future incidents do not occur.
Back in 2012, TD Bank reported the loss of unencrypted backup tapes in Massachusetts. Schneiderman reports that nine state attorneys general worked for a year and a half to investigate the breach as well as the company’s policies and procedures and to negotiate an agreement with the bank.
That agreement requires the bank to announce any future security breaches or other acquisitions of personal information a timely manner. It also agrees to maintain reasonable security policies to protect personal information, including that backup tapes will not be transported unless they are encrypted and in compliance with all of its security protocols. Additionally, its internal policies regarding the collection, storage and transfer of consumers’ personal information will be reviewed regularly and revised, and it will also institute further training for its employees.
“Consumers expect financial institutions to protect their personal information, and this settlement will help reform the policies and procedures that allowed this breach to happen,” said Schneiderman. “There has to be one set of rules for everyone, and that includes the big banks and financial institutions entrusted with protecting the sensitive personal information of customers.”