On October 12 TD Bank reported that two backup tapes containing sensitive information from 260,000 US banking customers were lost back in March. Based on the extended time before announcing the data breach a legal expert in this area predicts class action lawsuits and state fines will occur as a result.
In TD Bank’s notifications to state attorneys general it was indicated that the information on the lost backup tapes may have included names, addresses, account numbers, Social Security numbers and/or other data elements including driver’s license numbers and dates of birth. TD Bank did not, however, specify whether or not the data on these tapes was encrypted. Currently there is no evidence that the data from the lost backup tapes has been used or attempted to be used for identity theft and TD Bank also stated that the loss of these two backup data tapes was an isolated incident.
It is estimated that 260,000 US customers of TD Bank may have had their data compromised in the breach, and a large portion of these customers are from Massachusetts and New Hampshire. The Massachusetts attorney general released a statement saying 73,000 state residents were affected while the attorney general from New Hampshire said 44,000 state residents could be affected. TD Bank has not commented on or confirmed how many and which states may have breach victims, but various news reports have said that TD customers from California, Florida, Connecticut, Maryland, Rhode Island and Main were affected as well.
While all affected customers have been notified, there was a large lapse between when the backup tapes were lost in March and notifications first sent out in October. While breach notification requirements differ from state-to-state, this extended delay between when the breach occurred and when it was reported could result in fines from several states with affected residents.
For more information: