NOTICE: This is an archived press release. Information contained on this page may be outdated. Please refer to our latest press releases for up-to-date information.

Post date: October 15 2014

A.G. Schneiderman Announces Multi-state Settlement With TD Bank Over Data Breach

1.4 Million Files From 260,000 Customers Were Compromised, Including Data For 31,407 New York Customers

NEW YORK – Attorney General Eric T. Schneiderman today announced a multi-state settlement with TD Bank, N.A. that resolves an inquiry into a 2012 data breach in which 1.4 million files were compromised. The $850,000 settlement requires the bank to reform its practices to help ensure that future incidents do not occur. New York State will receive $114,106.11 under the settlement.

"Consumers expect financial institutions to protect their personal information, and this settlement will help reform the policies and procedures that allowed this breach to happen,” said Attorney General Schneiderman. “There has to be one set of rules for everyone, and that includes the big banks and financial institutions entrusted with protecting the sensitive personal information of customers.”

The data breach occurred in 2012, when TD Bank reported the loss of unencrypted backup tapes in Massachusetts. The tapes contained 1.4 million files and 1,800 different file types that had been accumulated over a period of 8 to 10 years. In total, the files contained various personal information for 260,000 TD Bank customers nationwide, including 31,407 in New York State.

Attorney General Schneiderman was one of nine state attorneys general who worked for a year and a half to investigate the breach as well as the company’s policies and procedures and to negotiate an agreement with TD Bank.

The agreement requires TD Bank notify state residents of any future security breaches or other acquisitions of personal information a timely manner.

TD Bank also agreed to maintain reasonable security policies to protect personal information. The agreement ensures that no backup tapes will be transported unless they are encrypted and all security protocols are complied with. TD Bank will review on a bi-annual basis their existing internal policies regarding the collection, storage and transfer of consumers’ personal information and will make changes to better protect such information. TD Bank will also institute further training for its employees.

This case was handled by Herbert Israel of the Bureau of Consumer Frauds and Protection. The Bureau of Consumer Frauds and Protection, led by Bureau Chief Jane Azia. The Bureau of Consumer Frauds and Protection is part of the division of Economic Justice led by Executive Deputy Attorney General for Economic Justice Karla Sanchez.