CU Lawsuit Highlights an Issue We Can All Agree On

November 5, 2020 at 9:22 am Leave a comment

Despite the election, one area that Americans can usually find common ground on is the need for more protections for data security. Yesterday, a federal court in Ohio allowed a class-action lawsuit brought against the Sonic restaurant chain by, among others, American Airlines FCU, Arkansas FCU and Redstone FCU to go forward. When you’re talking to those newly minted Congressional members following the election, Sonic Corp. Customer Data Breach Litigation is the best example I’ve seen on why Congress needs to implement uniform data security standards.  

The case involves a data breach that occurred over a six-month period because Sonic used antiquated technology. Most importantly, its point of sale terminals were not required to have encryption technology, giving hackers easy access to card information for several months. That encryption has, of course, become common practice for many institutions and is a required component of the data protection plans for all New York State Chartered and licensed institutions. 

The case is also instructive for another reason. One of the key issues in data breach litigation continues to be determining who is actually injured by a data breach. In seeking class-action status, the financial institutions argued that the class of plaintiffs eligible to sue Sonic should include “All banks, credit unions, financial institutions, and other entities in the United States that received an alert of a potentially compromised account from any card brand in the Sonic Data Breach.”  The court slightly modified this class, allowing the suit to go forward for “all banks, credit unions, and financial institutions in the United States that received notice and took action to reissue credit cards or reimbursed a compromised account from any card brand involved with the Sonic Data Breach.” In contrast, merchants continue to argue that only persons who can demonstrate that their data was actually stolen by hackers should be able to sue. 

In short, this case is the latest example of how merchants want to benefit from card technology, but make financial institutions responsible for all the risks and costs associated with its use. 

New York Extends Remote Notarization Authorization

Earlier this week, the Governor’s office issued another extension of its remote notary authorization. This is welcome news for those of us requiring notarization for documents – especially as COVID-19 cases begin to surge again across the country.

Entry filed under: Federal Legislation, Legal Watch, Technology. Tags: , , , .

What do debt collectors and hemp producers have in common? Election Post-Mortem, Continued Gridlock Means Tough Times Ahead

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 785 other followers


%d bloggers like this: