With hackers on the loose, and wire transfers as a place for them to gain unauthorized access to bank accounts, it is no wonder that when it comes to potentially intercepted wires, customers and banks are playing hot potato with who to blame. Typically, banks bear the risk of loss for unauthorized wire transfers. The Electronic Fund Transfer Act (“EFTA”) for consumer accounts and Article 4A of the Uniform Commercial Code (“UCC”) for business accounts, are two entities that govern these transfers. Both have opposing interests considering that the EFTA attempts to shield customers from paying unauthorized charges whereas the UCC has a framework in place that protects the banks and shifts the risk of loss to the customer if the bank can show that (1) a commercially reasonable security procedure was in place and, (2) the bank accepted the payment order in good faith and in compliance with the security procedure and any other written agreement or customer instruction.
Continue Reading Bank Security and Wire Transfers: Even Vaulted Systems Can’t Protect All Personal Information

On July 20, 2015, in Remijas v. Neiman Marcus Group, LLC, No. 14-3122 (7th Cir. 2015), the Seventh Circuit held that the United States District Court for the Northern District of Illinois wrongfully dismissed a class action suit brought against Neiman Marcus after hackers stole their customers’ data and debit card information.  The District

With data breaches being the quickly trending “flavor of the month” criminal activity, it’s no shock that on June 4, 2015 yet another system was hit. This time though, it may be one of the largest cyberattacks in U.S. history—compromising as many as 4 million current and former federal employees’ information. The U.S. Office of Personnel Management (OPM) handles security clearances and background checks and although many would assume that its security is top-notch, the facts on the ground reveal that every place taking in sensitive information—including the government—must update its privacy infrastructure.
Continue Reading Even the Federal Government Can’t Hide: How a High-End Cyberattack Breached One of the Most “Protected” Systems

With the amount of commerce conducted through networks increasing exponentially each year, the importance of implementing robust cybersecurity polices is as critical as ever. Just last month, the Congressional Research Service released its paper about cybersecurity information sharing and how this helps companies decrease preventable breaches. Coupled with industry research, the paper is a must-read

On October 24, the Federal Communications Commission (FCC) threw its hat into the data security regulation ring when it announced it intends to fine two telecommunications companies $10 million for allegedly failing to safeguard the personal information of their customers.

Both TerraCom, Inc. (TerraCom) and YourTel America, Inc. (YourTel) allegedly collected customers’ personal information, including

The Nevada State Bar (the “Bar”) has confirmed that “criminals” forced their way into storage facilities maintained by the Bar related to past bar exam applicants and made off with “18 records of individuals.” The loss appears to have been first reported at databreaches.net. It does not sound like much, but databreaches.net further reports that at least one case of identity theft has been confirmed.
Continue Reading Nevada State Bar Data Breach Reminds Us That Paper Still Matters

The University of Wisconsin-Milwaukee (“UWM”) announced on Wednesday that a malware-infected, university server was discovered on May 25th that allowed hackers, apparently seeking research data, to access several types of scanned documents. Included in the potentially accessed documents were student applications from past and present students, which applications contained Social Security numbers.
Continue Reading HACKED: 75,000 Social Security Numbers at Risk at University of Wisconsin

California State Senator, Joe Simitian (D-Palo Alto), who authored the state’s existing data breach law in 2002, has introduced Senate Bill 24 to strengthen the content of notices provided to individuals when their personal information has been hacked, stolen or lost. If passed, Senate Bill 24 proposes to offer individuals better protection against identity theft