-
TD Bank waits seven months to notify customers of security breach.
Posted on October 10th, 2012 No commentsTD Bank is notifying an unknown number of customers that backup computer tapes containing their confidential personal information, including bank account and Social Security numbers, have been “misplaced,” putting them at risk for identity theft.
Although the security breach occurred in March, the bank only recently began sending letters about it to customers. TD Bank spokeswoman Rebecca Acevedo said the delay was necessary as the bank conducted an internal investigation. But at least one customer called the lag “unconscionable.”
“So what has happened to my personal information for the past seven months?” asked Lew Alessio, a Lewiston-Auburn area businessman who has both business and personal accounts with the bank.
The security breach occurred in March when two backup tapes from a computer server were shipped from one TD Bank location to another. Acevedo said the tapes were misplaced in Massachusetts. She declined to say whether the tapes were the responsibility of a TD Bank employee or an outside contractor at the time.
She said the bank held off notifying customers as it conducted an internal investigation. That investigation is ongoing and the bank has contacted Massachusetts law enforcement, as well. TD Bank began telling customers about the security breach a couple of weeks ago.
“We weighed everything as far as the investigation and what was going on. We figured now was a good time,” Acevedo said.
Acevedo declined to say how many customers were affected, though she said they live throughout the bank’s East Coast coverage area, from Florida to Maine. Notification letters are going out now and will continue until late October. Only affected customers will get a letter.
The two-page letter calls the security breach an isolated incident and notes that the bank has no evidence to suggest customer data has been misused.
Alessio received his letter Saturday. It told him TD Bank may have lost track of several pieces of his personal information, including his credit card number. He called TD Bank customer service to get more information, but he said representatives couldn’t answer his questions.
“All they kept on doing was repeating the same information that was in the letter about how much they care about security,” he said. “So now what do I do? Obviously I monitor my credit information, but do I really want to stay with this bank?”
Among his questions: Why did TD Bank wait seven months to tell him about the breach?
It is unclear whether such a delay is allowed. Maine law permits businesses to conduct an investigation before notifying customers of a security breach, but that notification must be made “as expediently as possible and without unreasonable delay.”
The law provides no timeline, except that customers must be notified no more than seven days after law enforcement determines that such notification won’t compromise a criminal investigation. It’s unclear when TD Bank called in Massachusetts law enforcement and whether the bank waited to notify customers to get the OK from police.
In its letter, TD Bank offers affected customers a year’s worth of free credit monitoring. However, Alessio said he tried to set up his monitoring Monday and was told he would be charged.
-
Is Your Patient Data Secure?
Posted on January 16th, 2011 No commentsIt’s a question practices should be asking in the wake of the news that a server containing personal patient and billing information was breached at a radiology practice in Rochester, N.H.
Continued here:
Is Your Patient Data Secure? -
Data breach affects 4.9 million Honda customers
Posted on December 30th, 2010 No commentsJapanese automaker Honda has put some 2.2 million customers in the United States on a security breach alert after a database containing information on the owners and their cars was hacked, according to reports.
See the article here:
Data breach affects 4.9 million Honda customers -
Connecticut Fines Health Net $375,000 For Security Breach Last Year
Posted on November 9th, 2010 No commentsHealth Net faces a $375,000 fine for a security breach that happened last year at the insurer’s Northeast headquarters in Shelton, the Connecticut Insurance Department said Monday. A portable, external hard drive was lost or stolen in May 2009. It contained medical claims and financial information for about 1.5 million Health Net customers…
Read the original:
Connecticut Fines Health Net $375,000 For Security Breach Last Year -
HITECH Act: What you need to know about new data-breach guidelines
Posted on October 30th, 2009 No commentsHealthcare providers and others handling sensitive patient data are now finding the stakes raised if they suffer a data breach because of a new law known as the “Health Information Technology for Economic and Clinical Health Act,” or HITECH Act. Passed by Congress in February, the HITECH Act is now coming into enforcement by the U.S. Depart…
The rest is here:
HITECH Act: What you need to know about new data-breach guidelines -
FBI, Congress Considers National Data-Breach Law
Posted on October 30th, 2009 No commentsDuring a cybersecurity discussion held Wednesday in Washington D.C., Jeffrey Troy, chief of the FBI’s Cyber Criminal Section, said that law enforcement agencies could get a better grip on fighting the surge of cybercrimes if businesses were legally required to report data breaches to potential victims. Essentially this “data-breach notificatio…
Original post:
FBI, Congress Considers National Data-Breach Law -
Judge rejects TD Ameritrade breach settlement
Posted on October 30th, 2009 No commentsA federal judge has denied a proposed settlement of a class-action suit filed against TD Ameritrade Inc. for a 2007 data security breach that exposed its customers’ personal information. In his ruling in San Francisco last week, U.S.
Read the original:
Judge rejects TD Ameritrade breach settlement -
Indiana ID theft law gets added bite
Posted on September 17th, 2009 No commentsThe new state law increases the penalties for database owners who discard consumers’ personal data, such as Social Security numbers, in a way that could subject them to identity theft. Database owners could face a fine of $5,000 per incident and are required to notify the attorney general’s office, as well as consumers, if a security breach occurs.
Here is the original post:
Indiana ID theft law gets added bite -
Guard Yourself From Identity Theft Away From Home
Posted on August 20th, 2009 No commentsThere’s been another credit card security breach, this time at the Radisson hotel chain.
See the rest here:
Guard Yourself From Identity Theft Away From Home -
Mozilla Store Security Breached
Posted on August 5th, 2009 No commentsGatewayCDI, which operates the Mozilla Store, suffered a security breach affecting an undisclosed number of customers.
See the rest here:
Mozilla Store Security Breached
Recent Comments