Vermont will receive $83,000 of asettlementstate attorneys general reached with TD Bank that resolves a 2012 data breach that affected almost 16,000 Vermont consumers. The breach involved the loss of two unencrypted backup tapes containing 1.4 million files that had been accumulated over eight to ten years. The files contained a variety of personal information belonging to some 260,000 TD Bank customers nationwide.
“Vermont is committed to protecting the privacy of consumer information, whether held by a small retailer or a national bank. The most important things a business can do once it’s suffered a breach are to remedy the problem and get notice out as quickly as possible,” Attorney General Sorrell said. Though the breach occurred in March 2012, notice was not given to consumers or the Attorneys General until October 2012, almost seven months later.
The agreement made with the Vermont Attorney General and eight other states requires TD Bank to notify residents in a timely manner of any future breaches of security or other acquisitions of personal information. TD Bank also agreed to maintain reasonable security policies to protect personal information. The agreement ensures that no backup tapes will be transported unless they are encrypted and all security protocols are complied with. TD Bank will review on a bi-annual basis their existing internal policies regarding the collection, storage and transfer of consumer's personal information and make changes to more adequately protect such information as needed. TD Bank will also institute further training for their employees.
Joining Vermont in the agreement are Connecticut, Florida, Maine, Maryland, New Jersey, New York, North Carolina, and Pennsylvania.
Information about data security can be found on the Attorney General’swebsiteunderPrivacy and Data Security.
Published: Oct 17, 2014