Some NH customer had data on lost TD Bank tapes
The problem first came to public attention last week, when customers in Maine began receiving letters from the bank advising them of the security breach and offering free credit-monitoring and identity-theft prevention services. Rebecca Acevedo, a bank spokeswoman, said similar letters went out to New Hampshire customers earlier this week.
She said 35,000 customers were affected in Maine, and 73,000 in Massachusetts. A total of 260,000 customer files are involved across the entire company, which operates on the East Coast, from northern Maine to the southern tip of Florida. The bank has dual headquarters, in Cherry Hill, N.J., and Portland, Maine, with 72 branches in New Hampshire.
'We have about eight million customers,' Acevedo said. 'It is a large number of people affected and even one is too many, but we just don't want eight million people panicking.'
According to Acevedo, two backup tapes from a computer server were being shipped from one TD Bank location to another in Massachusetts in March. Customer names, addresses and social security numbers are contained in the missing data tapes.
'We learned about this in March and have been conducting a thorough investigation in every sense of the word,' Acevedo said. 'We have diligently searched for the tapes and all the while we have been monitoring the accounts and have seen no evidence of improper activity.'
She urged customers to pay close attention to the notification, which she said also offers them the opportunity to change account numbers. 'It clearly outlines for them what their options are and gives them a dedicated line to call so that we can help support them,' she said.
The bank is federally chartered and under the supervision of the Comptroller of the Currency. Officials there declined to comment.
If there is any investigation or sanctions, they will most likely come from federal authorities. 'I don't anticipate us getting involved,' said Richard Arcand of the N.H. Banking Department.
'We notified all state and federal officials as required by law,' Acevedo said. She said the bank is not under the supervision of New Hampshire authorities and was not required to notify them, but did contact the Attorney General's Office on Friday as a courtesy.
James T. Boffetti, senior assistant attorney general and chief of the consumer protection bureau, said that as of 4 p.m. Friday, he had not seen any notification, but had no reason to doubt the bank's statement.
The notification would be more than just a courtesy, since once notified, the state posts the TD bank information on a list of data breach reports maintained on the attorney general's website. This list has hundreds of security breaches or lost data cases going back to 2007.
'It's remarkable to me how many of these notices we receive,' Boffetti said. 'I'm told by other people in other states that the website we maintain is widely used as a resource to find this kind of information. We try to keep that up to date.'