The Massachusetts Attorney General recently announced a $7,500 settlement with Belmont Savings Bank following a data breach in which an unencrypted backup computer tape was lost after an employee failed to follow the bank’s policies and procedures. This tape contained the names, Social Security numbers, and account numbers of more than 13,000 Massachusetts residents.
The tape was lost in May 2011, when an employee left it on a desk rather than storing it in a vault for the night. Surveillance footage showed that the tape was then thrown away by the cleaning crew. The tape was most likely incinerated by the bank’s waste disposal company, and the bank has indicated that it has no evidence that the Massachusetts residents’ personal information had been acquired or used by an unauthorized person.
In addition to the $7,500 penalty, the settlement requires Belmont Savings Bank to mitigate the risk of future data breaches by:
- Ensuring the proper transfer and inventory of backup computer tapes containing personal information;
- Storing backup computer tapes containing personal information in a secure location; and
- Effectively training its employees on the bank’s policies and procedures for maintaining the security of personal information.
This is the second announcement this year by the Massachusetts Attorney General’s office of a settlement as a result of a data breach.