News
TD data breach confirmed – names and social security numbers compromised
BlogBreachesResourcesNews
TD data breach confirmed – names and social security numbers compromised

TD data breach confirmed – names and social security numbers compromised

UpGuard Team
UpGuard Team
June 17, 2026

Key facts: TD data breach

  • Date occurred: January 7, 2026 - January 30, 2026
  • Date reported: June 15, 2026
  • Target entity: TD
  • Source of breach: Insider threat (employee)
  • Data types: Names, addresses, phone numbers, dates of birth, social security numbers, account numbers, and transactional data
  • Status: Confirmed; reported on June 15, 2026.
  • Severity: Medium; the exposure of social security numbers and account data significantly increases the risk of financial fraud and identity theft.

What happened in the TD data breach?

TD (td.com) reported a data breach involving customer information on June 15, 2026. The incident was classified as an insider breach, where an employee accessed sensitive data without authorization between January 7 and January 30, 2026.

The compromised information includes highly sensitive details such as names, social security numbers, and bank account numbers. This medium-severity incident is currently being investigated internally, and the bank is implementing measures to enhance its data protection protocols. The exposure of such comprehensive personal and financial data typically increases the risk of identity theft and fraudulent account activity.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for TD customers

Affected customers face significant risks due to the exposure of social security numbers and account details. This information could be leveraged by malicious actors for identity theft, opening fraudulent accounts, or conducting unauthorized financial transactions. Additionally, the availability of phone numbers and addresses increases the likelihood of targeted phishing or social engineering attempts.

Typically, incidents of this nature lead to heightened scrutiny of internal security policies and potential regulatory oversight. Affected individuals should monitor their financial statements closely, consider placing a credit freeze, and remain vigilant against suspicious communications. Transparency regarding the breach helps customers take proactive steps to secure their personal data.

How to protect against similar security incidents

Following the insider breach at TD involving sensitive financial data and social security numbers, customers should take immediate steps to secure their personal and financial information.

  • Monitor financial accounts and credit reports. Review bank statements and credit reports for any unauthorized activity or unfamiliar transactions. Set up real-time transaction alerts on your bank accounts to detect suspicious movements immediately.
  • Implement a credit freeze or fraud alert. Contact major credit bureaus to place a freeze on your credit file, preventing unauthorized accounts from being opened. Alternatively, place a fraud alert to ensure lenders verify your identity before extending credit.
  • Strengthen account security with MFA. Enable multi-factor authentication (MFA) on all financial and personal accounts where available. Use phishing-resistant MFA methods, such as hardware keys or authenticator apps, rather than SMS-based codes.
  • Deploy internal security monitoring. For organizations, implement robust internal access controls and continuous monitoring to detect anomalous employee behavior. Utilize attack surface management tools to identify and mitigate vulnerabilities across the digital infrastructure.

Taking proactive measures is essential to mitigating the long-term risks associated with the exposure of sensitive personal identifiers.

Frequently asked questions

What happened in the TD security breach?

On June 15, 2026, TD (td.com) disclosed a security breach. According to initial reports, an employee compromised the personal information of customers between January 7 and January 30, 2026, including names, social security numbers, and account details.

When did the TD breach occur?

The TD breach was publicly reported on June 15, 2026. The exact date of the attack has not been disclosed.

What data was exposed?

The breach exposed customer names, physical addresses, phone numbers, dates of birth, social security numbers, bank account numbers, and transactional data.

Is my personal information at risk?

If you have a relationship with TD, there is a risk that your personal data was compromised in this breach. Because the incident involved identifiers like social security numbers and bank account details, it is important to stay alert for suspicious activity and take proactive steps to protect your financial identity.

What steps should companies take after being breached?

TD is investigating the incident internally, notifying affected parties, and taking measures to enhance its data protection protocols and review internal security measures.

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.

How secure is Toronto-Dominion Bank (TD Bank Group)?

Toronto-Dominion Bank is a major Canadian multinational financial services corporation that utilizes td.com as its official online platform to provide retail, commercial, and wholesale banking solutions to millions of customers across North America.
  • Check icon
    View our free preliminary report on Toronto-Dominion Bank (TD Bank Group)’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View Toronto-Dominion Bank (TD Bank Group)'s score
View score
https://www.td.com/
Security ratings
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.

Latest news

Stay up-to-date with the latest news in cybersecurity.
American Express data breach: key facts and what we know so far

American Express data breach: key facts and what we know so far

A data breach involving American Express was reported in June 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
June 11, 2026
The University of Western Australia data breach: what happened and what's at risk

The University of Western Australia data breach: what happened and what's at risk

A data breach involving The University of Western Australia was reported in June 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
June 10, 2026
Council of Europe data breach: ShinyHunters claims theft of HR and payroll records

Council of Europe data breach: ShinyHunters claims theft of HR and payroll records

A data breach involving Council of Europe was reported in June 2026. See incident details, impact on staff, and recommended security measures.
UpGuard Team
UpGuard Team
June 15, 2026
Easterly Government Properties data breach exposes Social Security numbers and tax data

Easterly Government Properties data breach exposes Social Security numbers and tax data

A data breach involving Easterly Government Properties was reported in June 2026. See incident details, impact on customers, and recommended security measures.
Paul McCarthy
Paul McCarthy
June 15, 2026
Nintendo data breach: 859MB of employee data compromised by SHADOWBYT3$

Nintendo data breach: 859MB of employee data compromised by SHADOWBYT3$

A data breach involving Nintendo was reported in June 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
June 16, 2026
Orthopaedic Specialists of Massachusetts data breach: key facts and what we know so far

Orthopaedic Specialists of Massachusetts data breach: key facts and what we know so far

A data breach involving Orthopaedic Specialists of Massachusetts was reported in June 2026. See incident details, impact on patients, and recommended security measures.
UpGuard Team
UpGuard Team
June 15, 2026
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating