0Court Recognizes “Commercial Reasonableness” in Finding for Bank in Data Security Breach Case
People’s United Bank, the nation’s largest regional bank headquartered in New England, won a key victory in a data security breach case that had been followed for two years by the national banking associations, as well as by American Banker and other industry publications.
Patco Construction Company Inc., a commercial customer of the bank, brought suit alleging that the bank was responsible when third-party cybercriminals allegedly breached Patco’s computer system, stealing passwords and challenge question answers allegedly through the use of keylogging malware, and executed a series of fraudulent withdrawals from Patco’s checking account. Patco filed suit against People’s United in 2009, alleging negligence, breach of contract, breach of fiduciary duty, unjust enrichment and conversion.
In May 2011, Magistrate Judge John Rich recommended that the court grant People’s United’s motion for summary judgment on all six counts and deny Patco’s cross-motion for summary judgment. In a detailed, 70-page opinion, Rich found that People’s United had “demonstrated that the security procedures that it had in place as of May 2009 were commercially reasonable” under Article 4A of the UCC and that the rest of Patco's claims were preempted. On August 3, 2011, Judge Brock Hornby upheld the Magistrate’s recommendation.
“This was one of the first cases of its kind in the United States to deal with online hacking of bank accounts,” said Goodwin partner Brenda Sharton, who led the litigation team representing People's United “People's United Bank’s online banking security system is state of the art and among the best in use. Through this decision, the court recognized the commercial reasonableness of that system under the law.” You can contact Brenda at 617.570.1214 to discuss this case.
Click here for the Magistrate's opinion.
0CFPB Issues Interim Final Rule on Investigations
0CFPB Issues Interim Final Rule on Practices for Adjudication Proceedings
The Consumer Financial Protection Bureau issued an interim final rule that establishes its practices for adjudication proceedings. The Consumer Financial Protection Act of 2010 authorizes the CFPB to use administrative adjudications to enforce compliance with the provisions of the Act, rules promulgated by the CFPB, and any other Federal law or regulation that the CFPB enforces. The rule is modeled on the uniform rules and procedures for administrative hearings adopted by the federal banking regulators and the rules of practice currently used by the SEC and FTC. The rule went into effect on July 28, 2011, and comments must be received by September 26, 2011. Click here for the rule.
0CFPB Issues Interim Rule on Alternative Mortgage Parity Act
0FinCEN Issues Prepaid Access Final Rule
Contacts
- /en/people/b/barr-lynne
Lynne B. Barr
Retired Partner - /en/people/b/brown-brooks
Brooks R. Brown
Partner - /en/people/h/hefferon-thomas
Thomas M. Hefferon
Partner - /en/people/m/mcgarry-james
James W. McGarry
Partner - /en/people/p/permut-david
David L. Permut
Retired Partner