InfoBytes Blog
Bank Agrees to Settle Suit Over Cyber Security Procedures
On November 19, a bank sued by a commercial account holder to recover funds lost after cyber attackers gained electronic access to its account and made a series of unauthorized withdrawals reportedly agreed to pay the customer for the unrecovered funds, in connection with the dismissal of the suit. Patco Const. Co. Inc. v. Peoples United Bank, No. 9-503, Stipulation of Dismissal (D. Me. Nov. 19, 2012). In July, the First Circuit held that the bank’s collective security failures, when compared to the security measures employed by other financial institutions and the bank’s capacity to implement more robust protections, rendered its security procedures commercially unreasonable. In doing so, the First Circuit became the first federal appellate court to address the issue of bank liability for the loss of customer funds resulting from a breach of a bank’s cyber security. It reversed a district court ruling in favor of the bank and remanded for further proceedings. On remand, the bank agreed to pay in full for the lost funds.