In March of 2012, TD Bank misplaced two unencrypted backup tapes during a courier run between two of its offices. The tapes held personally identifiable information, including names, addresses, Social Security numbers and bank account numbers, for more than a quarter of a million customers.
TD Bank failed to notify customers for a full seven months after the data breach. State officials called this an excessive delay that did not comply with state data breach laws requiring prompt customer notification, and they took swift action to penalize the financial institution.
Nine states reached a settlement with TD Bank in October 2014, ordering them to pay $850,000 in fines and reform their security practices to prevent future breaches. States involved in the settlement included Connecticut, Florida, Maine, Maryland, New Jersey, North Carolina, Pennsylvania, Vermont and New York.
On Monday, TD Bank faced its second breach-related fine, of $625,000. This time the fine was issued by the Massachusetts attorney general. The independent settlement was due to the disproportionately large number of residents potentially impacted by the breach: 90,000 of the 260,000 customers were Massachusetts residents.
Massachusetts’ fine brings TD Bank’s total cost for penalties up to almost $1.5 million. The bank has also invested $200,000 in implementing new security measures since the breach.
In addition to the financial consequences of the breach, the bank has also agreed to a number of new terms. They include providing prompt customer breach notification and requiring third parties to adhere to strict security measures.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.