[ISN] Court allows suit against bank for lax security

From: InfoSec News <alerts_at_private>
Date: Thu, 3 Sep 2009 02:03:42 -0500 (CDT)
http://www.computerworld.com/s/article/9137451/Court_allows_suit_against_bank_for_lax_security?taxonomyId=17

By Jaikumar Vijayan
September 2, 2009
Computerworld 

A couple whose bank account was breached can sue their bank for its 
alleged failure to implement the latest security measures designed to 
prevent such compromises.

In a ruling issued last month, Judge Rebecca Pallmeyer, of the District 
Court for the Northern District of Illinois, denied a request by 
Citizens Financial Bank to dismiss a negligence claim brought against it 
by Marsha and Michael Shames-Yeakel. The Crown Point, Ind. couple -- 
customers of the bank -- alleged that Citizens' failure to implement 
up-to-date user authentication measures resulted in the theft of more 
than $26,000 from their home equity line of credit.

The negligence claim was one of several claims brought against Citizens 
by the couple. Although, Pallmeyer dismissed several of the other 
claims, she allowed the negligence claim against Citizens to stand. She 
noted that the couple had shown that a "reasonable finder of fact could 
conclude that the bank breached its duty to protect Plaintiffs' account 
against fraudulent access."

The ruling highlights an issue that security analysts have been talking 
about for a long time: the need by companies to show due diligence in 
protecting customer data against malicious and accidental compromise. 
Security analysts have warned that companies that can't prove they took 
adequate measures to protect data could find themselves exposed to legal 
liability after a data breach.

[...]


________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org
Received on Thu Sep 03 2009 - 00:03:42 PDT

This archive was generated by hypermail 2.2.0 : Thu Sep 03 2009 - 00:16:43 PDT