By Stephen Joyce
Oct. 17 — TD Bank NA agreed in a no-fault assurance of voluntary compliance to pay $850,000 and enhance data security standards and employee training to resolve an investigation conducted by nine state attorneys general concerning a 2012 data breach at the bank affecting about 260,000 customers, Connecticut Attorney General George Jepsen (D) told Bloomberg BNA Oct. 17.
New York Attorney General Eric T. Schneiderman (D) announced the agreement Oct. 15.
Under terms of the agreement, the bank agreed to pay the penalty to the states plus maintain reasonable security policies to protect customers' personal data and enhance data security training for its employees, Schneiderman said in a statement.
In October 2012, TD Bank announced the breach, a loss in Massachusetts of unencrypted backup tapes containing 1.4 million files—data accumulated over as many as 10 years, according to the attorney general's statement.
TD Bank contacted Jepsen's office to inform it of the breach, Matthew Fitzsimmons, Connecticut assistant attorney general, told Bloomberg BNA Oct. 17. “We did have some disagreements on the legal implications of what happened, but overall they were very cooperative throughout the investigation and the negotiations,” Fitzsimmons said.
“Since first reporting this issue in fall 2012, TD Bank has been continually enhancing our technologies and processes to better protect the personal information of our customers,” TD Bank spokeswoman Rebecca Acevedo told Bloomberg BNA Oct. 15.
“Prior to the settlements with the Attorneys General, TD Bank made additional upgrades to its processes to continuously enhance the security of our customers' information.”
“This agreement highlights our efforts to evolve our security controls to further benefit our customers,” Acevedo said. “TD Bank has settled with the Attorneys General in an effort to resolve this issue.”
“To date, the bank has not detected any unusual incidents of fraud related to customers who were impacted by this incident, nor has any customer reported any to us, and we continue to monitor customer accounts for fraud,” Acevedo added.
Connecticut, Florida, Maine, Maryland, New Jersey, New York, North Carolina, Pennsylvania and Vermont participated in the investigation.
“Data breaches are occurring with increasing frequency across the board. They are not limited to financial companies,” Jepsen said.
Jepsen said several industries besides financial firms are under ever increasing, and more sophisticated, cyberattacks.
“At TD it was a matter of tapes lost somewhere between the loading dock and where they were supposed to go, and that can happen. We've had a number of health-care institutions here in Connecticut where laptops were left somewhere, a thumb drive was left somewhere. It can be accidents like that,” he said.
“Retailers are reaching the tipping point where collectively there is a need to look at what technologies can be used” to enhance security, Jepsen said.
Fitzsimmons, a data security specialist, said emerging solutions will likely be developed by both industry and government. Jepsen agreed.
Attorneys general “can be a real catalyst in terms of driving industries in directions they need to go” to strengthen data security, Jepsen said.
A PricewaterhouseCoopers LLP survey of 9,700 senior corporate officials located in more than 154 countries reported that the number of detected security breaches increased to 117,339 incoming attacks each day—which would extrapolate to more than 42.8 million annually—a 48 percent jump compared with 2013, while total financial losses attributed to security compromises increased 34 percent compared with 2013.
TD Bank is part of Canada's Toronto-Dominion Bank and affiliates, collectively known as TD Bank Group. The group operates in more than a dozen U.S. states and is regulated by the federal Department of Treasury's Office of the Comptroller of the Currency.
To contact the reporter on this story: Stephen Joyce in New York at firstname.lastname@example.org
To contact the editor responsible for this story: Heather Rothman at email@example.com
The assurance of voluntary compliance is available at http://www.ct.gov/ag/lib/ag/press_releases/2014/20141016_oag_cdp_tdbank_settlement.pdf.