By Jaikumar Vijayan
September 2, 2009
A couple whose bank account was breached can sue their bank for its
alleged failure to implement the latest security measures designed to
prevent such compromises.
In a ruling issued last month, Judge Rebecca Pallmeyer, of the District
Court for the Northern District of Illinois, denied a request by
Citizens Financial Bank to dismiss a negligence claim brought against it
by Marsha and Michael Shames-Yeakel. The Crown Point, Ind. couple --
customers of the bank -- alleged that Citizens' failure to implement
up-to-date user authentication measures resulted in the theft of more
than $26,000 from their home equity line of credit.
The negligence claim was one of several claims brought against Citizens
by the couple. Although, Pallmeyer dismissed several of the other
claims, she allowed the negligence claim against Citizens to stand. She
noted that the couple had shown that a "reasonable finder of fact could
conclude that the bank breached its duty to protect Plaintiffs' account
against fraudulent access."
The ruling highlights an issue that security analysts have been talking
about for a long time: the need by companies to show due diligence in
protecting customer data against malicious and accidental compromise.
Security analysts have warned that companies that can't prove they took
adequate measures to protect data could find themselves exposed to legal
liability after a data breach.
Subscribe to InfoSec News