Posted on 02/16/2015 at 09:22 AM by John Lande
Co-authored with Howard O. Hagen
This weekend the New York Times revealed that a group of hackers infiltrated more than 100 banks and e-payment systems worldwide. Bloomberg now reports that the hackers were able to steal over $1 billion over the course of two years, starting in 2013. For two years, unbeknownst to the banks, the attackers used malicious software to compromise bank cyber and surveillance systems. This is just the latest example in a string of high profile cyberattacks on financial institutions. This blog has repeatedly covered the scope and magnitude of cyber-threats that banks face:
The threat posed by corporate account takeover, and how banks could be liable for substantial losses from business accounts;
Small banks and large banks are equally attractive targets for cyber criminals;
Security flaws in website security protocols can lead to disclosure of sensitive personal information that can be used to infiltrate financial accounts; and
Organized attacks by quasi-state actors intended to gather information that can be used to infiltrate financial accounts.
The attack that was reported over the weekend is particularly disturbing because it was ongoing from 2013 to the present. The fact that the attackers were able to avoid detection, even while ATMs were randomly dispensing cash, for two years should cause every financial institution to consider the adequacy of its security systems. The day may come when banks are able to share responsibility for cybersecurity with retailers and other business groups. A recent ruling from a court in Minnesota in the litigation over Targets 2013 data breach is a step toward this shared responsibility. However, for now banks will continue be on the frontline for cyberattacks.
The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.
Questions, Contact us today.
The material, whether written or oral (including videos) that is posted on the various blogs of Dickinson Law is not intended, nor should it be construed or relied upon, as legal advice. The opinions expressed in the various blog posting are those of the individual author, they may not reflect the opinions of the firm. Your use of the Dickinson Law blog postings does NOT create an attorney-client relationship between you and Dickinson, Mackaman, Tyler & Hagen, P.C. or any of its attorneys. If specific legal information is needed, please retain and consult with an attorney of your own selection.