was fined $7,500 Friday, July 29, as part of a civil penalty imposed by the Massachusetts Attorney General Martha Coakley following a data breach in which an unencrypted backup computer tape containing the names, Social Security numbers, and account numbers of more than 13,000 customers was lost in May after a bank employee failed to follow the bank’s own policies and procedures.
“Our office will continue to take action against companies that fail to follow protocol to protect the information entrusted to them by consumers,” Coakley said in a press release.
Belmont Savings experienced a data breach in May 2011, when an employee left a backup computer tape on a desk rather than storing it in a vault for the night.
Surveillance footage showed that the tape was inadvertently thrown away by the evening cleaning crew.
While the tape was most likely incinerated by Belmont Savings Bank’s waste disposal company and that there is no evidence that consumers’ personal information had been acquired or used by an unauthorized person or used for an unauthorized purpose, “[c]onsumers expect businesses to not only develop policies and procedures to safeguard their sensitive personal information, but to follow these procedures as well,” Coakley said in a release.
Under the terms of the settlement to mitigate the risk of future data breaches at Belmont Savings, the bank must:
• Ensure the proper transfer and inventory of backup computer tapes containing personal information;
• Store backup computer tapes containing personal information in a secure location; and
• Effectively train the members of its workforce on the policies and procedures with respect to maintaining the security of personal information.