PORTLAND, Maine — TD Bank has agreed to pay Maine $130,015 as part of a settlement with nine states over a data breach in 2012 that stemmed from an employee losing a set of unencrypted backup tapes with customer data.
Attorney General Janet Mills on Thursday announced Maine’s portion of the bank’s $850,000 settlement with nine states. In addition to the fine Mills’ office said will go toward consumer protection efforts, the bank has agreed to changes in its security policies with the goal of preventing similar breaches.
“This agreement will help prevent future breaches are prevented. Consumers have a right to know that their private financial information will be protected by the businesses that hold it,” Mills said in a prepared statement. “This agreement requires TD Bank to reform the policies and procedures that allowed this breach to happen.”
The breach affected an estimated 34,000 customers in Maine and 260,000 worldwide. The attorney general said there have been reported cases of identity theft as a result.
The agreement requires the bank to notify customers of any future security breaches according to state law, to regularly review its data collection practices and to train employees in privacy protection.
Maine law requires any business dealing with people’s personal information to notify them of a data breach within seven days from the time law enforcement officials determine notification will not jeopardize an investigation.
Maine was a party in the lawsuit alongside Connecticut, Florida, Maryland, New Jersey, New York, North Carolina, Pennsylvania and Vermont.