TD Bank Subject of Another Data Breach

In February 2011 a TD Bank, N.A.‘s employee was arrested in connection with selling private bank account details.

According to police reports the employee was selling the information to various people over the course of a few months. A joint investigation between TD Bank and Elmwood Park Police Department revealed the employee had been selling account numbers since early November 2010.
 
In August 2012 another TD Bank employee was charged with the theft and sale of customer information including, dates of birth, social security numbers as well as bank account information. The information purchased was used to defraud TD Bank customers of their hard earned cash. Both of the involved parties face a maximum sentence of 34 years imprisonment each as well as a $1.5M fine each.
 
Then in October 2012 TD Bank began notifying 267,000 customers that they had misplaced two unencrypted backup tapes that contained their personal information. The tapes originally disappeared in March of the same year whilst in transit between two locations. TD Bank say that they waited five months to notify customers so that they could conduct an investigation into the matter.
 
This data breach has once again attracted legal attention with Massachusetts Attorney General Martha Coakley saying: "We will be reviewing the circumstances of this breach and the steps that TD Bank is taking to address the loss."

According to information security analysts at the Ponemon Institute, a nonprofit organisation, this could cost TD Bank nearly $43 million in lost business, which begs the question, with simple solutions available, why wasn’t this data encrypted?
 
TD Bank reminds customers of common sense practices that can help prevent identity theft, but this really doesn’t help when the company you trust to protect your money and personal information lost your records.
 
TD Bank now joins an ever grow list of organisations from around the globe that have suffered the loss or theft of backup tapes. The list includes Bank of New York Mellon, who lost 12,500,00 customer records, and Chase card Services who lost 2,600,000 customer records, all of which were on unencrypted backup tapes.
 
With the availability of products such as Paranoia3 from DISUK Limited, which provides a solution to ensure every backup tape is encrypted, companies can implement systems to save themselves a PR nightmare as well as the financial cost of a data breach.
 
About Paranoia3
It is external encryption appliance, sitting between the data path and tape device and is transparent to OS, backup software and tape technology. It is simple to install and manage and requires little or no change to the existing operational procedures.