BOSTON (Legal Newsline) - Massachusetts Attorney General Martha Coakley announced a settlement on Friday with Belmont Savings Bank following a data breach that could have affected more than 13,000 Massachusetts residents.
In May, a Belmont Savings Bank employee failed to follow the bank's own policies and lost an unencrypted backup computer tape containing the names, account numbers and Social Security numbers of 13,000 customers.
"Consumers expect businesses to not only develop policies and procedures to safeguard their sensitive personal information, but to follow these procedures as well," Coakley said. "Our office will continue to take action against companies that fail to follow protocol to protect the information entrusted to them by consumers."
During the breach, the employee left the backup computer tape on a desk rather than storing it in a vault for the night. Surveillance footage showed that the tape was inadvertently thrown away by the evening cleaning crew. It was mostly likely incinerated by the Belmont Savings Bank's waste disposal company. Belmont Savings Bank indicated that it has no evidence that the personal information of the consumers had been acquired or used by an unauthorized person or used for an unauthorized purchase.
The assurance of discontinuance with Belmont Savings Bank provides for a civil penalty of $7,500 as well as injunctive relief to mitigate the risk of future data breaches by the bank.
As part of the settlement, Belmont Savings Bank must ensure the proper inventory and transfer of backup computer tapes that contain personal information, effectively train the members of its workforce on the procedures and policies with respect to maintaining the security of personal information, and store backup computer tapes containing personal information in a secure location.