Posts tagged ‘Five Guys’

Are We Facing a Data Breach Pearl Harbor?

You may not know Preet Bharara yet, buy my guess is that you will.  He is the U.S. Attorney for the Southern District in New York and in a recent piece in the New York Times, he compared the epidemic of cyber crime to a modern-day Pearl Harbor.  Evidence demonstrates that he’s not overstating the case, at least by much.

Listen, I love Five Guys as much as the next guy.  In fact, for my money, it’s the best fast food burger in the Country.  But, a recently disclosed security breach demonstrates yet again why merchants have to be made more responsible for protecting debit, credit, and, increasingly, prepaid cards.  My local paper, the Albany Times Union, reported the other day that Trustco is suing Five Guys because of its negligent handling of customer payment information that resulted in the theft of $90,000 worth of merchandize.  If what the bank alleges is true, it’s the same old story:  the merchant knew about the data breach for months but was slow to alert authorities.  Five Guys, of course, insists that it was complying with the law.

Then, today, the Wall Street Journal has an article detailing the security shortcomings at Fidelity National Information Services (FIS), which led both the OCC and the NCUA to be extra vigilant in dealing with the third party processor.  Of course, what these two cases have in common is that credit unions are victimized by third party processors and merchants that have too little responsibility for protecting debit and credit card information.  When the breach gets exposed, it is often the credit union or bank that is left holding the bag.  I wish Trustco all the best with their lawsuit, but unless there is a sea change in legal analysis, the courts will continue to be reluctant to hold merchants responsible to card issuers.  The problem is one that needs a legislative fix and quickly.

As explained recently by Bharara, “companies must start thinking ahead of the hack and locking their doors. It is simply no longer enough for company leaders to take a hands-off approach, leaving these matters to a few “techies.” Such an attitude practically invites a hack. Even simple measures — like employee training and regular threat assessments — can help companies avoid becoming the easy target.” 

The fact is that these are the type of steps that financial institutions have been taking for years; but without federal legislation, it simply won’t be in the financial interest of third party processors and merchants to adequately protect consumer records.  

America is the great information economy that refuses to recognize that high tech bank robbers are ripping off companies more easily than bandits could rip off stage coaches in the 19th Century.

June 6, 2012 at 7:17 am 3 comments


Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 653 other followers

Archives