Jessica Hall continues to update the TD Bank backup tapes breach:
In Maine, 34,907 residents were affected, according to a letter sent to the attorney general from TD Bank. In Massachusetts, the Attorney General’s Office said more than 73,000 residents were affected. In Connecticut, 35,000 residents were affected, while Rhode Island had 500 residents and Maryland had 398 residents affected, according to the state attorney general.
Read more on Morning Sentinel.
As I tweeted earlier today, TD Bank made a bad decision, in my opinion, not to release the total number all at once in their original statement. The story’s staying in the news cycle as each new state discloses their numbers. So now we have a breach that was 6-month delayed in notification and what looks like an attempt to not reveal how bad it may have been. Not a good post-incident response plan.
As a former IT auditor, I can tell you that TD Bank are supposed to inform the FBI, local Police, and make public any security breach that they deem includes loss of nppi(non public private information). I would like to hear what the FDIC says about this. They have to have complete accounts for what happened. It may not be as bad as it sounds IF they used encryption on the tapes and the tapes are not the first two tapes in sequence. Without the header information, and with encryption, the tapes are basically useless.
Unfortunately they weren’t encrypted. http://www.torontosun.com/2012/10/15/td-bank-loses-data-on-260000-us-clients