What’s happening: Banks continue to assert they are not responsible when cyberthieves show up at the online-teller-window with legitimate user-ids and passwords. This lawsuit will test that assertion.
What it means: Banks may be losing the shield they have been hiding behind that absolves them of responsibility for cybercrime.
What to do: Stay tuned as we watch the legal playing field evolve. Email our Guide An Emerging Information Security Minimum Standard of Due Care to your attorney.
**********************************
Threat Level; Wired Magazine: An Illinois district court has allowed a couple to sue their bank on the … grounds that it may have failed to sufficiently secure their account, after an unidentified hacker obtained a $26,500 loan on the account using the customers’ user name and password. … As initially reported by legal blogger, David Johnson, Marsha and Michael Shames-Yeakel sued Citizens Financial Bank in 2007 in the northern district of Illinois on several grounds, including a claim that the bank failed to provide state-of-the-art security measures to protect their account. … Judge Pallmeyer stated that, “In light of Citizens’ apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs’ account against fraudulent access.”
http://www.wired.com/threatlevel/2009/09/citizens-financial-sued/