Are We Facing a Data Breach Pearl Harbor?

June 6, 2012 at 7:17 am 3 comments

You may not know Preet Bharara yet, buy my guess is that you will.  He is the U.S. Attorney for the Southern District in New York and in a recent piece in the New York Times, he compared the epidemic of cyber crime to a modern-day Pearl Harbor.  Evidence demonstrates that he’s not overstating the case, at least by much.

Listen, I love Five Guys as much as the next guy.  In fact, for my money, it’s the best fast food burger in the Country.  But, a recently disclosed security breach demonstrates yet again why merchants have to be made more responsible for protecting debit, credit, and, increasingly, prepaid cards.  My local paper, the Albany Times Union, reported the other day that Trustco is suing Five Guys because of its negligent handling of customer payment information that resulted in the theft of $90,000 worth of merchandize.  If what the bank alleges is true, it’s the same old story:  the merchant knew about the data breach for months but was slow to alert authorities.  Five Guys, of course, insists that it was complying with the law.

Then, today, the Wall Street Journal has an article detailing the security shortcomings at Fidelity National Information Services (FIS), which led both the OCC and the NCUA to be extra vigilant in dealing with the third party processor.  Of course, what these two cases have in common is that credit unions are victimized by third party processors and merchants that have too little responsibility for protecting debit and credit card information.  When the breach gets exposed, it is often the credit union or bank that is left holding the bag.  I wish Trustco all the best with their lawsuit, but unless there is a sea change in legal analysis, the courts will continue to be reluctant to hold merchants responsible to card issuers.  The problem is one that needs a legislative fix and quickly.

As explained recently by Bharara, “companies must start thinking ahead of the hack and locking their doors. It is simply no longer enough for company leaders to take a hands-off approach, leaving these matters to a few “techies.” Such an attitude practically invites a hack. Even simple measures — like employee training and regular threat assessments — can help companies avoid becoming the easy target.” 

The fact is that these are the type of steps that financial institutions have been taking for years; but without federal legislation, it simply won’t be in the financial interest of third party processors and merchants to adequately protect consumer records.  

America is the great information economy that refuses to recognize that high tech bank robbers are ripping off companies more easily than bandits could rip off stage coaches in the 19th Century.

Entry filed under: Advocacy, Compliance, Legal Watch, Regulatory. Tags: , , , , , .

Midwest CDARS Programs Provide a Path for NY Fed Stimulus to Continue, Oh Boy!

3 Comments Add your own

  • 1. 行動電源推薦  |  June 24, 2013 at 6:57 pm

    That is the best blog for anybody who wishes to search out out about this subject. You comprehend so a great deal its practically exhausting to argue with you (not that I really would want aHa). You positively place a brand new spin on the subject thats been written about for years. Great things, just great!

  • 2. 推薦行動電源  |  June 24, 2013 at 6:59 pm

    Great submit! Thank a individual for, publishing on my smaller weblog individual! I m going to concept you a lengthy time. I didnt realise that.

  • […] But in the eight years since U.S. Attorney for the Southern District in New York, Preet Bharara, warned of a WWII style cyber-attack against this country, the situation has only gotten worse, not better. […]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 653 other followers