Court allows suit against bank for lax security
Citizens Financial Bank should have offered strong authentication, plaintiffs claim
Computerworld - A couple whose bank account was breached can sue their bank for its alleged failure to implement the latest security measures designed to prevent such compromises.
In a ruling issued last month, Judge Rebecca Pallmeyer, of the District Court for the Northern District of Illinois, denied a request by Citizens Financial Bank to dismiss a negligence claim brought against it by Marsha and Michael Shames-Yeakel. The Crown Point, Ind. couple -- customers of the bank -- alleged that Citizens' failure to implement up-to-date user authentication measures resulted in the theft of more than $26,000 from their home equity line of credit.
The negligence claim was one of several claims brought against Citizens by the couple. Although, Pallmeyer dismissed several of the other claims, she allowed the negligence claim against Citizens to stand. She noted that the couple had shown that a "reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access."
The ruling highlights an issue that security analysts have been talking about for a long time: the need by companies to show due diligence in protecting customer data against malicious and accidental compromise. Security analysts have warned that companies that can't prove they took adequate measures to protect data could find themselves exposed to legal liability after a data breach.
Numerous lawsuits alleging such negligence have been filed against companies over the last two years. Most of those cases, however, involved payment card data breaches in which large numbers of accounts were compromised and in which victims want compensation. Courts typically sided with the breached entities in such lawsuits, and in many cases summarily dismissed the claims.
The decision in the Shames-Yeakel case was first reported on Digital Media Lawyer Blog, which is written by David Johnson, a lawyer specializing in digital media law with Jeffer, Mangels, Butler and Marmaro LLP in Los Angeles. The case shows how the failure to expeditiously implement state-of-the-art security measures can open companies to negligence claims, Johnson wrote.
The ruling shows that a "failure to implement the latest and greatest in data protection measures may be found to be a breach of expected standards of care," he warned.
The dispute stems from a February 2007 incident in which an intruder gained access to the Shames-Yeakel's equity credit line account using their username and password. The intruder then proceeded to take an advance of $26,500 from the account and transfer it to a bank in Austria. The fraudulent transaction wasn't discovered by the couple until 10 days later, by which time it was too late to recover the money.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- X-Ray of the PCI Process-4 Proactive Steps
- This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
- Identity Governance: The Business Imperatives
- This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make... All Security White Papers
- Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game - When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
- Introduction to VMware vCenter Site Recovery Manager 5
- Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
- The Top Ten Secrets to Avoiding SAN Performance Problems
- Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
- Deduplication Without Compromise
- Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
- Director of Disk Products Discusses DXi6700
- Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
- Playing Defense: Staying on Top of Your Disaster Recovery Game
- When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing... All Security Webcasts