Toronto-Dominion (TD) Bank is notifying customers about a mishap that may have exposed the personal details of more than a quarter million people. In letters sent to folks along the East Coast of the US, the company writes that it lost two data backup tapes that may have contained the names, addresses, birth dates, driver's license numbers, debit card numbers, account numbers, Social Security numbers and other such information of about 267,000 customers spanning from Maine to Florida.
TD Bank is unable to account for the disappearance of the tapes and has no clue where they might be. They simply vanished while being transferred between locations. Although its letters to States' Attorneys General acknowledge the possibility of a security lapse, TD Bank spokeswoman Rebecca Acevedo said the company isn't classifying the event as a breach. "No data has been lost," she said. Rather, it has merely been "misplaced" -- less than comforting words for those affected, we're sure.
To make matters worse, TD Bank waited more than five months to notify customers of the issue. The tapes originally disappeared in late March 2012. The company reportedly delayed its announcement so it could conduct a thorough investigation. As the cherry on top, all of the data was unencrypted. On the bright side, TD Bank says there are no signs that the "misplaced" information has been misused.
Nonetheless, TD Bank's conduct has drawn scrutiny from customers and government alike. The mishap could cost TD Bank nearly $43 million in lost business, according to information security analysts at the nonprofit Ponemon Institute. "We will be reviewing the circumstances of this breach and the steps that TD Bank is taking to address the loss," said Massachusetts Attorney General Martha Coakley.
Customers with data on the lost tapes -- which includes about 1,000 Canadians with US accounts -- should have been contacted via snail mail. Individuals affected by the loss may transfer funds from affected accounts to new accounts free of charge and they are eligible for a free year of credit monitoring. Additionally, TD Bank reminds customers of common sense practices that can help prevent identity theft:
- Remain vigilant about your personal information, particularly over the next 12 to 24 months.
- Carefully review monthly account statements and your free credit reports.
- Notify us immediately of any suspicious activity or suspected identity theft.
- Report any suspicious or unauthorized activity to law enforcement and to the FTC at 1-877-FTC-HELP (877-382-4357)
- Place a fraud alert on your credit file, which tells creditors to contact you before they open any new accounts or change your existing accounts.
https://www.techspot.com/news/50514-td-bank-misplaced-the-unencrypted-data-of-267000-customers.html
