A letter from TD Bank to affected customers reads, in part:
Some of your personal information was included on two data backup tapes that we shipped to another one of our locations in late March 2012. The tapes have been missing since then, and we have been unable to locate them despite diligent efforts. This isolated incident has been the subject of an internal investigation by our corporate security and information security teams. We have also notified law enforcement. Your personal information included on the tapes may have included your name or address, Social Security Number, and account, debit or credit card number.
We are not currently aware of any misuse of the personal information. However, because we are unable to locate the tapes or to account for their disappearance, we want to provide you with advice on ways to protect yourself.
The sample notification letter was not dated, so it’s not clear to me when customers were actually notified of this incident, but the letter was just posted to the California Attorney General’s web site this week. The letter also does not make clear whether the tapes ever arrived at the destination or were lost in transit, and if the latter, how they were shipped or transported.
Update: According to the Portland Press Herald, the letters are in the process of being sent out, and no, they couldn’t get an explanation of why the six-month delay in notification.