Big banks have been having some privacy issues lately, as hackers abroad and Internet scammers cause problems ranging from website disruptions to tricks designed to obtain personal bank customer data.
Now, another huge North American bank has disclosed a security problem, this time of its own making -- namely, the loss of customer databases on backup tapes gone missing during transport.
Which begs two questions: First, how could they be so careless?
And: What the heck took them so long to fess up?
Lost data, possible security breach
Canada's Toronto-Dominion Bank (NYSE:TD) has just started notifying its U.S. customers of a possible privacy issue connected with the loss of two server backup tapes, apparently misplaced this past March. Up to 260,000 of TD's 8 million U.S. banking customers will receive letters notifying them that personal information -- including Social Security numbers and bank account information -- were contained on those tapes. Possibly because the transport occurred in Massachusetts, approximately 73,000 of those lost records belong to customers residing in that fair state.
In an era when cybersecurity and privacy issues are ubiquitous concerns, this blunder seems especially glaring. Lately, big U.S. banks Citigroup (NYSE:C) Bank of America (NYSE:BAC), and JPMorgan Chase (NYSE:JPM) have been having some problems with hackers, reportedly from Iran, bombarding their websites with traffic that crashes their sites. The good news is that, so far at least, there is no evidence that any crucial data has been compromised.
Banks have also been coming up with new ways to fight cybercrime, which often takes the form of fake websites set up by scammers to deceive bank customers into giving away personal financial information. In addition to the three mentioned above, other financial institutions such as American Express (NYSE:AXP) and Capital One (NYSE:COF) are purchasing special Internet domain addresses incorporating their company name to foil such miscreants. While this is a definite plus for customers, at $185,000 per address, it is also cheap insurance for the financial sector, which shelled out $2.5 billion in 2011 because of cybercrime.
The apparent carelessness with which these tapes were handled certainly seems at odds with the overall concern of the banking industry toward privacy and security. So, what went wrong with the transfer of the tapes? TD isn't sharing, but will say that it has been conducting its own investigation, apparently for the past six months. There was no official comment on why the company waited so long to notify authorities, or customers -- or why, for crying out loud, the information wasn't encrypted as a safety measure.
A Fool's take
Luckily, there hasn't been any evidence of illegal use of data, according to TD Bank officials. Accidents happen, although you might expect the second-largest bank in Canada to be a little more careful with sensitive information. There seems to be no excuse for the delay in notification, however. With identity theft a real concern for many, customers could have been using the past several months taking steps to protect themselves just in case any of this personal data got into the wrong hands.
Some customers have said they will move their accounts elsewhere, upon hearing of the snafu. TD Bank has worked hard to expand its U.S. presence, and this episode may cost them dearly, both in public relations and in actual lost customers. The worst part about it is that TD really does deserve it.
Fool contributor Amanda Alix has no positions in the stocks mentioned above. The Motley Fool owns shares of Bank of America, Citigroup, and JPMorgan Chase, and has the following options: short OCT 2012 $55.00 puts on American Express, short OCT 2012 $60.00 calls on American Express, and long OCT 2012 $65.00 calls on American Express. Motley Fool newsletter services recommend American Express. Try any of our Foolish newsletter services free for 30 days. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.