Big banks have been having some privacy issues lately, as hackers abroad and Internet scammers cause problems ranging from website disruptions to tricks designed to obtain personal bank customer data.
Now, another huge North American bank has disclosed a security problem, this time of its own making -- namely, the loss of customer databases on backup tapes gone missing during transport.
Which begs two questions: First, how could they be so careless?
And: What the heck took them so long to fess up?
Lost data, possible security breach
Canada's Toronto-Dominion Bank (NYSE: TD ) has just started notifying its U.S. customers of a possible privacy issue connected with the loss of two server backup tapes, apparently misplaced this past March. Up to 260,000 of TD's 8 million U.S. banking customers will receive letters notifying them that personal information -- including Social Security numbers and bank account information -- were contained on those tapes. Possibly because the transport occurred in Massachusetts, approximately 73,000 of those lost records belong to customers residing in that fair state.
In an era when cybersecurity and privacy issues are ubiquitous concerns, this blunder seems especially glaring. Lately, big U.S. banks Citigroup (NYSE: C ) Bank of America (NYSE: BAC ) , and JPMorgan Chase (NYSE: JPM ) have been having some problems with hackers, reportedly from Iran, bombarding their websites with traffic that crashes their sites. The good news is that, so far at least, there is no evidence that any crucial data has been compromised.
Banks have also been coming up with new ways to fight cybercrime, which often takes the form of fake websites set up by scammers to deceive bank customers into giving away personal financial information. In addition to the three mentioned above, other financial institutions such as American Express (NYSE: AXP ) and Capital One (NYSE: COF ) are purchasing special Internet domain addresses incorporating their company name to foil such miscreants. While this is a definite plus for customers, at $185,000 per address, it is also cheap insurance for the financial sector, which shelled out $2.5 billion in 2011 because of cybercrime.
The apparent carelessness with which these tapes were handled certainly seems at odds with the overall concern of the banking industry toward privacy and security. So, what went wrong with the transfer of the tapes? TD isn't sharing, but will say that it has been conducting its own investigation, apparently for the past six months. There was no official comment on why the company waited so long to notify authorities, or customers -- or why, for crying out loud, the information wasn't encrypted as a safety measure.
A Fool's take
Luckily, there hasn't been any evidence of illegal use of data, according to TD Bank officials. Accidents happen, although you might expect the second-largest bank in Canada to be a little more careful with sensitive information. There seems to be no excuse for the delay in notification, however. With identity theft a real concern for many, customers could have been using the past several months taking steps to protect themselves just in case any of this personal data got into the wrong hands.
Some customers have said they will move their accounts elsewhere, upon hearing of the snafu. TD Bank has worked hard to expand its U.S. presence, and this episode may cost them dearly, both in public relations and in actual lost customers. The worst part about it is that TD really does deserve it.
Interested in what the heck is going on with big banks? To learn more about the most-talked-about bank out there, check out our in-depth company report on Bank of America. The report details Bank of America’s prospects, including three reasons to buy and three reasons to sell. Just click here to get access.