TD Bank Data Breach: 2025 Incident and What to Do

TD Bank Data Breach: 2025 Incident and What to Do
Louis Corneloup
Written by Louis Corneloup
Founder at Dupple and Techpresso
March 30, 2026

TD Bank confirmed a data breach in February 2025. The breach exposed Social Security numbers and financial account details. A class action lawsuit alleges TD Bank knew about the incident "for some time" before the public disclosure, which is the central claim in the negligence case. The breach is one of multiple TD Bank security and compliance incidents in the last 18 months. See MOVEit for more. See investigation into this supply chain failure for more. See data security failures for more.

If you bank with TD or have TD as a creditor, the practical steps are simple: freeze your credit at all three bureaus, enroll in identity monitoring, file a claim if eligible, and enable account alerts. Below is what is verified about the breach, the lawsuit status, and what to do regardless of whether you were directly affected. See how to file an identity theft affidavit for more.

Quick reference: TD Bank security incidents 2024-2026

IncidentDateDetail
TD Bank data breachFebruary 2025 disclosureEmployee accessed customer data, SSNs and account details exposed
CFPB fineSeptember 2024$28 million for inaccurate consumer credit reporting
Stevens v. TD Bank (Meta pixel case)August 2025Class action dismissed by NJ district court
Earlier MA AG settlement2014$625K for slow notification on 2012 backup tape breach

What is verified about the February 2025 breach

The TopClassActions complaint and subsequent reporting confirm:

Employee-accessed data: An employee accessed customer data without authorization. The class action filing alleges this access was not isolated and went undetected for an extended period.

Data exposed: Social Security numbers and financial account details. The full list of affected customers has not been publicly itemized.

Notification delay: The class action alleges TD Bank knew about the incident "for some time" before the February 2025 public disclosure. The delay is the central negligence claim.

Notification process: Affected customers received notification letters with offered identity monitoring through a third-party provider.

If you received a notification letter, you are confirmed affected. If you did not, you may still be at risk if your account data was in the affected systems.

What to do if you bank with TD

Five steps that take roughly 30 minutes:

1. Freeze your credit at all three bureaus: Free since 2018. Equifax, Experian, and TransUnion. A freeze blocks new accounts being opened in your name. The strongest single defense against identity theft.

2. Enroll in TD's offered identity monitoring: If you received a notification letter, the offer is real and free. Activate it.

3. File a claim if eligible: At tdbankapsnfeeclassaction.com (the official class action settlement site if applicable). Class action payouts are typically $50-$300 per claimant unless you can prove direct fraud loss.

4. Enable account alerts on TD accounts: Real-time notifications for transactions over a threshold, login attempts, and address changes.

5. Review credit reports for unauthorized accounts: Free at annualcreditreport.com. Check all three bureaus.

If you are not a TD customer but had your data shared with TD (e.g., loan applications), the same steps still apply. Identity theft does not check whether you currently bank with the breached entity.

What changed in 2025-2026 for breach notification

Most US states now require breach notification within 30-60 days of discovery. The TD class action turns on whether TD met that timeline.

The Massachusetts AG's 2014 settlement against TD ($625K for slow notification on a 2012 backup tape breach) set the precedent: delayed notification triggers automatic AG penalties regardless of harm. The 2025 case extends that pattern.

The CFPB's September 2024 $28M fine on TD for inaccurate consumer credit reporting is a separate compliance issue but signals broader operational gaps that contributed to the 2025 incident.

Common misconceptions about bank breaches

Two patterns I see:

1. "Banks are immune to breaches because of regulation": TD has had multiple incidents in the past decade. Regulation creates penalties for breaches but does not prevent them.

2. "Class actions pay out a lot": Typical per-claimant payout is $50-$300 unless you can prove direct fraud loss. Document everything if you do experience fraud after the breach.

The honest framing: file the claim, accept the small payout, and focus on credit freezes and monitoring, which provide more value than any settlement check.

What about the August 2025 Meta pixel case?

Separate from the February 2025 employee-access breach, a class action (Stevens v. TD Bank) alleged TD shared customer data with Meta through tracking pixels on TD's website. The New Jersey district court dismissed this case in August 2025 for insufficient facts pled.

The Meta pixel issue is a real privacy concern across many banks and websites in 2026. The legal standard for class certification is high. Most pixel-based privacy class actions either settle for low amounts or get dismissed.

How to assess any bank breach in 2026

Three questions to ask:

1. What data was exposed?: SSN plus financial account details is the most dangerous combination. Identity theft risk is highest.

2. How long between discovery and notification?: Long delays signal poor incident response. Affected customers had less time to protect themselves.

3. What remediation is offered?: Free credit monitoring is standard. Identity restoration services are stronger. Cash payments via class action are typically last and small.

Apply these to TD's February 2025 breach: SSN plus account data exposed (high risk), notification delay alleged (poor response), credit monitoring offered (standard remediation).

FAQ

Was TD Bank breached in 2025?

Yes. TD Bank confirmed a data breach disclosed in February 2025. An employee accessed customer data without authorization. Social Security numbers and financial account details were exposed. A class action lawsuit was filed shortly after.

What should I do if I am a TD Bank customer?

Freeze your credit at Equifax, Experian, and TransUnion (free). Enroll in any identity monitoring TD offered. File a class action claim if eligible. Enable account alerts. Review credit reports for unauthorized accounts.

How much will the TD Bank class action settlement pay?

Typical per-claimant payouts in bank breach class actions run $50-$300 unless you can prove direct fraud loss. Document any unauthorized activity meticulously.

Did TD Bank share my data with Meta?

A separate class action (Stevens v. TD Bank) alleged this in 2024-2025 but was dismissed in August 2025 for insufficient facts pled. Meta pixel data sharing is a real concern across many websites but the legal standard for class certification is high.

Is TD Bank safe to bank with after the breach?

The 2025 breach was an employee-access incident, not a systemic external compromise. TD remains FDIC-insured (deposits up to $250,000 protected). The risks are identity theft from exposed data, not loss of deposits. Take the protective steps above regardless of which bank you use.

Stop overpaying for AI tools you barely use. See how Dupple X helps your team adopt AI without the bloat.

Feeling behind on AI?

You're not alone. Techpresso is a daily tech newsletter that tracks the latest tech trends and tools you need to know. Join 500,000+ professionals from top companies. 100% FREE.

Discover our AI Academy
AI Academy

Related Articles

May 8, 2026

How to Test Business Idea Success: The 2026 Framework
May 5, 2026

Dart Artificial Intelligence: Smart Apps in 2026
May 5, 2026

Smarter Content Creation: How to Effortlessly Humanize AI Writing for Any Audience
May 4, 2026

Paperless Accounting Software: 2026 Leader's Guide