Tag: seven months of nondisclosure
Last fall I received a letter that I thought must be a scam, or a joke, or at the very least a mistake. It was from TD Bank, where I have a checking account, and it informed me that the bank had lost two data tapes containing the personal information of 260,000 customers while transporting them between storage locations. The letter went on to explain that the information contained on these tapes may include names, addresses, social security numbers, and account numbers, and that I was among the lucky 260,000 whose information was on those tapes.
The letter said that the data tapes had been lost in March, 2011. The letter was sent in October, 2012.
This must be a scam then! Someone was trying to scare me into calling the phone number provided, and divulging all my identifying information. There’s absolutely no way that any bank would keep such a massive data breach secret for seven months, I thought. That would mean seven months of identity thieves having their way with my data — distributing it all over the world, opening credit cards, buying cars, homes, other fun things that I would never be able to buy because they had ruined my credit. Think of the liability the bank would face! TD’s lawyers would never let the bank wait seven months to let me know about this. So I took to the Internet to find out. Other people must have been targeted by these scammers, too. The Internet would tell me all.
And it did. What I learned shocked me. This wasn’t a scam. This was real. TD had really waited seven (SEVEN!!) months (MONTHS!) to tell its customers about the data breach.
A desire for revenge began to eclipse my feeling of shock. This is going to be massive, I hoped. I could feel it. I could taste it. TD was going to get so sued. There would be a huge class action, and hey, maybe I’ll get a juicy cut of the payout.
Three months later, though, there’s still no suit. Deep in the lull between law school semesters, I decided to investigate why. Here’s what I found: