New Jersey businesses may be interested in the story of one company who has settled a potentially-lengthy litigation over a data security breach. The dispute has gone away, but one of the parties wishes that the issue went to trial.
In November 2011, 12 fraudulent transfers were made from oil production company TRC Operating Co.’s accounts with United Security Bank of Fresno. USB says that they halted nine of them, with only one of the transfers actually completed. TRC demanded that USB pay it back for the transfer that went through, but USB refused. The bank claimed that the security of account names and passwords was TRC’s responsibility, according to its contractual agreement with the bank. However, TRC filed a lawsuit against USB, and USB turned control over the suit to its insurance company.
Now, the insurance company has settled out of court with TRC for a sum of $350,000. USB says that it is disappointed that there was a settlement. It believes that a court ruling on the issue would have set a useful precedent for the banking industry regarding security breaches that involve an account holder’s credentials and cyber attacks. Some doubt that USB’s security measures were not up to standards set by the Federal Financial Institutions Examination Council three years ago. This would have required something beyond just a login using a username and password to access the account and authenticate the transfers. The Uniform Commercial Code, however, only requires that reasonable security measures are taken.
Commercial litigation can be complex, and it can be very helpful to have an attorney with experience in business disputes to evaluate the case. The attorney may then be able to either negotiate a settlement with the other side or prepare a lawsuit if necessary.
Source: Bank Info Security , “Bank Pays Oil Co. $350,000 Settlement“, Tracy Kitten, June 23, 2014