PORTLAND, Maine — TD Bank is notifying an unknown number of customers that backup computer tapes containing their confidential personal information, including bank account and Social Security numbers, have been “misplaced,” putting them at risk for identity theft.
Although the security breach occurred in March, the bank only recently began sending letters about it to customers. TD Bank spokeswoman Rebecca Acevedo said the delay was necessary as the bank conducted an internal investigation. But at least one customer called the lag “unconscionable.”
“So what has happened to my personal information for the past seven months?” asked Lew Alessio, a Lewiston-Auburn area businessman who has both business and personal accounts with the bank.
The security breach occurred in March when two backup tapes from a computer server were shipped from one TD Bank location to another. Acevedo said the tapes were misplaced in Massachusetts. She declined to say whether the tapes were the responsibility of a TD Bank employee or an outside contractor at the time.
She said the bank held off notifying customers as it conducted an internal investigation. That investigation is ongoing and the bank has contacted Massachusetts law enforcement, as well. TD Bank began telling customers about the security breach a couple of weeks ago.
“We weighed everything as far as the investigation and what was going on. We figured now was a good time,” Acevedo said.
Acevedo declined to say how many customers were affected, though she said they live throughout the bank’s East Coast coverage area, from Florida to Maine. Notification letters are going out now and will continue until late October. Only affected customers will get a letter.
The two-page letter calls the security breach an isolated incident and notes that the bank has no evidence to suggest customer data has been misused.
Alessio received his letter Saturday. It told him TD Bank may have lost track of several pieces of his personal information, including his credit card number. He called TD Bank customer service to get more information, but he said representatives couldn’t answer his questions.
“All they kept on doing was repeating the same information that was in the letter about how much they care about security,” he said. “So now what do I do? Obviously I monitor my credit information, but do I really want to stay with this bank?”
Among his questions: Why did TD Bank wait seven months to tell him about the breach?
It is unclear whether such a delay is allowed. Maine law permits businesses to conduct an investigation before notifying customers of a security breach, but that notification must be made “as expediently as possible and without unreasonable delay.”
The law provides no timeline, except that customers must be notified no more than seven days after law enforcement determines that such notification won’t compromise a criminal investigation. It’s unclear when TD Bank called in Massachusetts law enforcement and whether the bank waited to notify customers to get the OK from police.
In its letter, TD Bank offers affected customers a year’s worth of free credit monitoring. However, Alessio said he tried to set up his monitoring Monday and was told he would be charged.
nice lost it in march and it took them 7 months to let us know.
yes Paul I agree, and their offer of free credit monitoring says it’s for a year but it’s retroactive to when the breach ocurred so therefore you only get about 6 months, not a year as sated in the letter. Seems like the horse would’ve already been out of the barn…..
I “LOVE” transparency in business. Just imagine what would happen if the government was run “like a business”!!
We need less transparency and fewer regulations! Hey, if these TD Bank customers didn’t know that their was a breach at the bank, that’s their fault! Buyer beware! Enough of this nanny state!
1st of all, your politics are showing–false accusations and jumping to uninformed conclusions….in my case, my accounts had already been closed but they still had my information which is lost.
Second of all, how do you suggest the customers should have known there was a breach??? We were informed 7 months later. Maybe you shouldn’t be so quick to point fingers. How you could arrive at name calling the nanny state from this is beyond me
I was being sarcastic. There are so many people that blame the consumers when stuff like this happens and there is no way a consumer could have possibly known.
that’s a relief!!!! I’m sorry, I apologize :)
I like that you sucked-it-up and apologized. Nice of you (and rare these days.) Thanks!
I’m a Former TD customer.. I pulled my accts. right after the merger happened Like the ad says ” most convenient bank” yea to get your info stolen.. my advice PULL YOUR ACCTS> & go to a Credit Union!! best thing I ever Did
Yes, I agree, a credit union or a locally owned bank is your best bet. I personally prefer credit unions, but I have heard good things about some local banks as well.
I’ve had Brewer Federal Credit Union since I was a small boy. They are still my “bank” of choice, forty-something years later…
Bangor Savings Bank never would have handled it this way.
I’m not so sure about that. When Hannaford had that security breach and I went to BSB they tried to talk me out of changing my bank account number. This, even after Hannaford had gone public.
We all owe a debt of gratitude to TD Bank. Now, anyone shopping for a bank will know where NOT to bank.
Pulled our accounts from TD months ago. Credit Union people are more appriecative of our business. TD never called when they lost $120,000 in accounts. Seems to me someone would have noticed!…Happy at the local credit union…..
The Veterans Administration did the same thing too me, pretty commonplace today. What with the thieves, internet, and banks, it’s a wonder the economy is in such a state. And once something gets on your report, try and remove it.
Don’t trust any of them. I’m heading to Sam’s Club to purchase another mattress to stuff my cash in before we head over that financial cliff in January.
Which we won’t have to worry about, since the world will end on Dec. 21st anyway. :-)
You mean giant banks don’t care about each and every customer?!?!?!
I’ve got one word for TD Bank :
See ya.
Geez I wonder when TD Bank is going to notify me as one of their customers. Oh wait it ain’t so till it hits the press so I bet my notice just got lost in the mail.
“TD” = Tough Dookie.
If you look on JobsInMe.com and see how many IT positions TD Bank has open, you’d be forgiven for thinking they don’t current have anyone responsible for customer privacy protection. Or that they have a Corporate Compliance Department with no teeth.
In short, they don’t seem to take banking regulations seriously.
But then again, why should they? The government says they do, but banks seem to get to do whatever they want, even when it’s with taxpayer money.
It pays to have a powerful lobby.