TD Bank Resolves Claims Over Data Breach, New York Says

TD Bank NA, which lost electronic files containing information for as many as 260,000 customers in 2012, agreed to pay $850,000 to settle a multistate probe into the security breach, New York’s attorney general said.

The unit of Canada’s Toronto-Dominion Bank lost unencrypted backup tapes containing 1.4 million customer files with information accumulated over at least eight years, Attorney General Eric Schneiderman said. The accord also requires the bank to improve its data-security practices.

“There has to be one set of rules for everyone, and that includes the big banks and financial institutions entrusted with protecting the sensitive personal information of customers,” Schneiderman said in a statement.

The settlement, announced today, comes as regulators across the U.S. begin to examine a much larger breach of JPMorgan Chase & Co.’s systems, through which hackers got access to data for as many as 76 million households. The New York-based bank, the biggest in the U.S., said this month there’s no evidence account numbers or passwords were stolen.

State Probes

Connecticut Attorney General George Jepsen’s investigators have been in contact with JPMorgan about the breach, Jaclyn Falkowski, his spokeswoman, said. Illinois Attorney General Lisa Madigan and Rhode Island Attorney General Peter Kilmartin are also investigating. Nick Benson, a spokesman for Schneiderman, declined to comment on whether New York is probing the breach.

The number of cyber-security incidents globally has soared 48 percent to 42.8 million this year, according to a PricewaterhouseCoopers LLP survey.

Data breaches in New York more than tripled from 2006 to 2013 and cost businesses in the state at least $1.37 billion last year, according to a report Schneiderman released in July. Almost 5,000 breaches were reported by businesses, nonprofits and government entities during that time, with hacking attacks causing the worst damage.

Rebecca Acevedo, a TD Bank spokeswoman, said in a statement that the bank hasn’t seen any “unusual incidents of fraud” stemming from the breach.

The bank has been “continually enhancing our technologies and processes” since the breach was reported in 2012, she said.

Before it's here, it's on the Bloomberg Terminal.