Attorney General Mills Announces Multistate Settlement with TD Bank Over 2012 Data Breach

October 16, 2014

(AUGUSTA) Attorney General Janet T. Mills today announced a multistate settlement with TD Bank, N.A. that resolves a 2012 data breach that affected thousands of consumers and helps to ensure that future incidents do not occur.

Maine was a part of the nine-state group that worked for a year and a half to investigate the breach as well as the company's policies and procedures and to negotiate the settlement, known as an ?assurance of voluntary compliance,? with TD Bank. The signed agreement with TD Bank will resolve consumer protection and privacy claims against them.

?This agreement will help prevent future breaches are prevented. Consumers have a right to know that their private financial information will be protected by the businesses that hold it. This agreement requires TD Bank to reform the policies and procedures that allowed this breach to happen,? Attorney General Mills said.

In October 2012, the Connecticut Attorney General's Office received notification from TD Bank of a data breach involving the loss of unencrypted backup tapes in Massachusetts. These tapes contained 1.4 million files in 1,800 different file types that had been accumulated over eight to ten years. The files contained a variety of personal information belonging to some 260,000 TD Bank customers nationwide. Approximately 34,000 Maine customers were affected.

TD Bank notified affected consumers about the breach and offered free credit monitoring services. Consumers who wished to transfer funds to a new account were able to do so. No consumers were held liable for any unauthorized use of their accounts. Fortunately, however, there have been no reports of identity theft to date.

The agreement requires TD Bank to notify residents of any future breaches of security or other acquisitions of personal information a timely manner. TD Bank also agreed to maintain reasonable security policies to protect personal information. The agreement ensures that TD Bank will not transport backup tapes unless the tapes are encrypted and all security protocols are complied with. TD Bank will regularly review its policies regarding the collection, storage and transfer of consumers? personal information and make necessary changes to protect consumers? privacy. TD Bank will also train their employees in privacy protection.

Joining Maine in the agreement are Connecticut, Florida, Maryland, New Jersey, New York, North Carolina, Pennsylvania and Vermont.

The State of Maine will receive $130,015 of the total settlement amount to further consumer protection efforts.


Supporting documents