Another Day, Another Data Breach

August 27, 2019 at 9:31 am Leave a comment

As faithful readers of the blog know, when I start with a sentence reporting the latest data breach uncovered by Krebsonsecurity, it means that a massive number of credit and debit cards have once again been stolen by hackers. According to the website, a popular underground store selling credit and debit cards is offering to sell more than 5.3 million new accounts belonging to cardholders from 35 states. It now appears that this treasure trove of information was stolen from the Hy-Vee Supermarket chain, which apparently has hundreds of stores in the Midwest.

On August 14, the company announced that because it “takes the security of payment card data very seriously,” it wanted to make its customers aware of an investigation it was conducting into a “security incident” that focused on payments made at affiliated gas stations, restaurants, and supermarkets.

Since the supermarket chain is based in the Midwest, hopefully this will not impact your members; it does, however, give me the opportunity to once again point out obvious points that so many of our policy makers refuse to acknowledge or act on.

  • When are we going to stop calling the black market for credit and debit card information a black market? On a practical level, people can go onto the web and sell this information with virtual impunity. In reality, it’s become a de facto secondary market. Consumers and businesses are paying the price.
  • The legal system works best when the parties most responsible for a given injury bear the burden of the cost associated with their mistake. By this standard, liability for data breaches remains woefully inadequate. This breach will undoubtedly spark several lawsuits and result in a large multimillion dollar settlement, but so long as consumers have to prove not only that their data was exposed to a data breach, but that their data actually was used in a way that cost them money, consumers will have a difficult time making businesses pay for the harm they are inflicting. As for financial institutions, courts and legislators have to stop viewing data breaches as contract violations as opposed to torts for which there are wide ranging damages.
  • Of course, all of this could be resolved by Congress, but it won’t be; at least not in the near future.

Wildcard Legislation Sent to Governor

Late last week, legislation was sent to the Governor to extend the Department of Financial Services’ wildcard powers for banks and credit unions. This is absolutely critical legislation which we expect the Governor to approve. Without action by the Governor, this power expires in September.

Originally passed in 1996 to make the state banking charter more competitive with its federal counterpart, the law has applied to credit unions since 2007. The basic idea is that state chartered financial institutions can apply to the Department of Financial Services for permission to exercise a power that federally chartered institutions have, but that state chartered credit unions do not. In recent years, the Department of Financial Services has utilized its authority to help both banks and credit unions, and so doing, has made the state charter more attractive to federal credit unions.

The Association has of course signaled its support of the measure and we will tell you when the Governor takes action on the bill.

Entry filed under: New York State, Technology. Tags: , , , .

Why D.C.’s Policy Pronouncements are the Key to Economic Growth You Should Know About These Cases

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 785 other followers


%d bloggers like this: