TD Bank, one of the largest banks in the United States by deposits, operating 1,220 branches and employing over 26,000 people, has disclosed a data breach affecting an undisclosed number of customers whose personal information was stolen by a former employee and used to conduct financial fraud.
According to data breach notifications shared with the Vermont Attorney General’s office, the breach was caused by one of their employees giving away customer information to unauthorized people.
“We recently discovered that in May of 2022, one of our employees improperly accessed some of your personal information and may have provided it to an unauthorized third party,” details the notice of data breach sent to customers.
“We believe this was the cause of the fraudulent activity on your account,” further explains the letter, indicating that the bank was investigating reported fraud cases and eventually determined the source of the leak.
The personal information that was compromised as a result of this incident includes the following:
- Full name
- Physical address
- Social security number
- Safe of birth
- Transactional information
- Account number
This information can be used for targeted unauthorized payments, phishing attacks, social engineering, scamming, impersonation, identity theft, and bank fraud.
TD Bank claims this was an isolated incident and is being investigated by their internal corporate security team.
All accounts that suffered financial damage due to the data breach have received reimbursement, and the financial institution will take extra protection measures to ensure this won’t happen again.
