TD Bank has agreed to pay the state of Massachusetts $625,000 to settle allegations by Attorney General Martha Coakley that it violated the privacy rights of 90,000 Massachusetts customers in a 2012 data breach.
According to the Coakley’s office, TD Bank waited seven months to inform the state after a courier service it hired lost two backup tapes containing unsecured personal and financial information for some 260,000 people, including 90,000 Massachusetts residents. TD Bank hired a computer forensic firm to investigate, but the attorney general accused the bank of an “unreasonable delay” in informing the state.
The bank agreed to pay a $825,000 penalty, which was reduced to $625,000 because the bank cooperated with the state. TD Bank also agreed to encrypt personal information on its backup tapes and to review its security procedures and that of its third-party providers.
A spokesperson for TD Bank denied wrongdoing and said the impact of the data loss was limited.
“To date, the bank has not detected any unusual incidents of fraud related to customers who were impacted by this incident, nor has any customer reported any to us,” said Judy Schmidt, the spokesperson. “We continue to monitor customer accounts for fraud.”