TD Bank Agrees to Settlement to Resolve Multistate Investigation into 2012 Data Breach
Time 1 Minute Read
Categories: Enforcement, Security Breach, U.S. State Law

On October 10, 2014, TD Bank, N.A. entered into an assurance of voluntary compliance (“Assurance”) with a multistate group of nine attorneys general to settle allegations that the company violated state consumer protection and personal information safeguards laws in connection with a 2012 data breach. The breach involved the loss of two unencrypted backup tapes containing the personal information of approximately 260,000 customers. The Assurance requires TD Bank to pay $850,000 to the attorneys general.

In addition to the payment, the Assurance calls for TD Bank to:

  • Notify affected residents of the nine states of any future breach of security or other unauthorized acquisition of personal information in a timely manner;
  • Maintain reasonable security policies and procedures to protect personal information, including a prohibition on transporting unencrypted backup tapes;
  • Assess the company’s internal policies regarding the collection, storage and transfer of consumers’ personal information at least every two years, making changes as needed to more adequately protect the confidentiality and privacy of personal information; and
  • Provide training for its employees on securing backup tapes.

View the Assurance.

Tags: Consent Order, Consumer Protection, Penalty, State Attorneys General
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Alabama Enacts App Store Accountability Act Requiring Age Verification

On February 5, 2026, Alabama Governor Kay Ivey signed Alabama House Bill 161, the App Store Accountability Act, establishing age categorization, age verification and parental consent requirements for mobile application marketplace providers operating in Alabama, effective January 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
CalPrivacy Reaches Settlement with Ford Motor Company Over CCPA Opt-Out Right Violations

On March 5, 2026, the California Privacy Protection Agency announced that the agency had reached a settlement with Ford Motor Company resolving an enforcement action against the company that alleged noncompliance with the California Consumer Privacy Act’s opt-out of sale/sharing rights.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page