authentication, comerica, commercially reasonable security, contracting, experimetal, FFIEC, layered security, multifactor authentication, patco, phishing, reasonable, Red Flags Rule, Security, security breach, security breach litigation, token, UCC 4A-202
The Duty to Authenticate Identity: the Online Banking Breach Lawsuits
By InfoLawGroup LLP on April 17, 2012
We have entered an era where our commercial transactions are increasingly being conducted online without any face-to-face interaction, and without the traditional safeguards used to confirm that a party is who they purport to be. The attenuated nature of many online relationships has created an opportunity for criminal elements to steal or spoof online identities and use them for monetary gain. As such, the ability of one party to authenticate the identity of the other party in an online transaction is of key importance.To counteract this threat, the business community has begun to develop new authentication procedures to enhance the reliability of online identities (so that transacting parties have a higher degree of confidence that the party on the other end of an electronic transaction is who they say they are). At the same time, the law is beginning to recognize a duty to authenticate. This blogpost post looks at two online banking breach cases to examine what courts are saying about authentication and commercially reasonable security.
Breach, damages, litigation, personal information, privacy, security breach litigation
California Federal Court Holds that Damages Properly Alleged in RockYou Data Breach Case
By InfoLawGroup LLP on April 19, 2011
In what may be a sign of an evolving judicial atmosphere and approach concerning data breach lawsuits, a Federal judge in the Northern District of California District Court recently refused to dismiss various causes of action related to a data breach involving RockYou. In particular, the Court explored the issue of whether the plaintiff sufficiently alleged "harm" arising out of the data breach. This blog post takes a look the highlights of the Court's decision.
damages, injury-in-fact, motion to dismiss negligence security breach litigation standing injury-in-fact, negligence, security breach litigation, standing
Quickhits: Federal Judge Dismiss Aetna Data Breach Case Due to Lack of "Injury-in-fact"
By InfoLawGroup LLP on March 12, 2010
4A-202, banking, Breach, FFIEC, litigation, measures, online, reasonable, reasonable security, Security, security breach litigation, Shames-Yeakel, standards, UCC, UCC 4A-202
The Curious Case of EMI v. Comerica: A Bellwether on the Issue of "Reasonable Security"?
By InfoLawGroup LLP on February 24, 2010
ADCR, banking, Breach, Heartland, PCI DSS, security breach litigation, settlement
Issuing Banks File Class Action Suit Against Acquiring Banks in Heartland Breach Matter
By InfoLawGroup LLP on January 21, 2010
banking, FFIEC, measures, online, online banking, reasonable, reasonable security, Security, security breach litigation, security breach litigation security measures, security standards, Shames-Yeakel, UCC 4A-202
Online Banking and "Reasonable Security" Under the Law: Breaking New Ground?
By InfoLawGroup LLP on January 13, 2010
Breach, Cloud, Countrywide, credit monitoring, security breach litigation, security measures, settlement
Quickhits: Security in the Ether; Countrywide Settles Data Breach Case
By InfoLawGroup LLP on January 05, 2010
payment card, payment card security breach litigation, PCI DSS, PCI DSS heartland, security breach litigation
Quickhits: AMEX settles with Heartland Payment Systems for $3.6 Million
By InfoLawGroup LLP on December 22, 2009
litigation, payment, payment card, PCI DSS, PCI DSS Radiant Systems, Radiant, Savvis, security breach litigation, security breach litigation service provider, service provider, Systems
The Merchants Strike Back?
By InfoLawGroup LLP on December 03, 2009
class action, FTC, Hannaford, malware, negligence, security breach litigation, SQL injection, State case law
Merchant Liability for "Time and Effort" Following Security Breach?
By W. Scott Blackmer on October 09, 2009
This week the federal court in the Hannaford class action asked the highest court in Maine to clarify whether cardholders' "loss of time and effort" are sufficient injuries to ground a negligence claim following a payment card security breach.
