State Attorney General Eric T. Schneiderman on Wednesday announced a multistate settlement with TD Bank over a 2012 data breach that saw 1.4 million files compromised.
The $850,000 settlement requires the bank to reform its practices to help ensure that future incidents do not occur. New York state will receive $114,106.11 under the settlement, and the agreement requires TD Bank to notify state residents of any future security breaches or other acquisitions of personal information in a timely manner, according to a press release from the attorney general’s office.
“Consumers expect financial institutions to protect their personal information, and this settlement will help reform the policies and procedures that allowed this breach to happen,” Schneiderman said in the press release. “There has to be one set of rules for everyone, and that includes the big banks and financial institutions entrusted with protecting the sensitive personal information of customers.”
The data breach occurred in 2012, when TD Bank reported the loss of unencrypted backup tapes in Massachusetts. The tapes contained 1.4 million files collected over 8 to 10 years with personal information for 260,000 TD Bank customers nationwide. Of the affected customers, 31,407 reside in New York state.
The agreement ensures that no backup tapes will be transported unless they are encrypted, the attorney general’s office reported. TD Bank also agreed to review on a biannual basis its existing internal policies regarding the collection, storage and transfer of consumers”™ personal information, to make changes to better protect such information and to further train its employees.
