Belmont Savings Bank pays fine for losing personal data of 13,000 customers

In May, the bank lost an unencrypted backup computer tape containing personal information of more than 13,000 customers, according to a report by the Boston Herald.

A bank employee left the backup tape on a desk instead of storing it in a vault at night. The tape was inadvertently tossed in the trash by the cleaning crew, and most likely incinerated by the bank’s waste-disposal company, the newspaper said, citing Attorney General Martha Coakley’s office as the source.

As part of the settlement, the bank agreed to improve its information security practices, including its security procedures for handling computer tapes and customer information.

Belmont Savings Bank declined to comment.

The settlement with Belmont Savings Bank follows a settlement in March with Boston-based restaurant operator the Briar Group, which agreed to pay a $110,000 fine for failing to protect credit card information.

According to a lawsuit filed by the Attorney General’s office, the Briar Group failed to remove malware that was installed on its computer system, allowing hackers to access customers’ credit card and debit card information, for eight months.

The company settled the lawsuit by agreeing to pay the fine, as well as develop a security password management system and implement data security measures to comply with PCI Data Security Standards, including implementation, maintenance, and adherence to a written information security program.

What’s Hot on Infosecurity Magazine?