About Us | Contact Us
View Cart

For Those of Us Who Still Question the Supplement

By Vigilize | Wednesday, December 5, 2012 - Leave a Comment

Court finds People’s United Bank security practices to be “commercially unreasonable.”

After hackers stole $300,000 from Patco Construction Company in 2009, a court has ruled that the bank’s security practices were to blame, labeling them “commercially unreasonable.” People’s United Bank will be paying Patco all the money that they lost to the hackers as well as $45,000 in interest.

During the incident, despite suspicious transactions being flagged as “high-risk” by the bank’s security system, the bank failed to contact the customer, resulting in a series of transactions over seven days. By the time Patco realized what was happening, nearly $600,000 had been transferred out of the company’s account.

This isn’t a first for this type of incident. In recent years, businesses around the country have lost millions of dollars to hackers who stole bank account credentials by infecting their computers with malware. In this specific case, an email was sent to employees who opened it and unknowingly installed the Zeus password-swiping trojan on company computers.

People’s United Bank used Jack Henry & Associates’ NetTeller as its security system at the time of the incident which offers a number of authentication options, most of which were rejected by the bank. Not only did they reject the authentication options, but they also failed to configure the system properly and failed to use it properly. The system asked users challenge questions for every transaction customers made. This security measure coupled with hackers installing keystroke-logging malware on company computers means that what the bank thought was a secure system of confirming identity is actually nonexistent. The appellate court ruled that the bank actually increased the risk of fraud by asking the security questions with every transaction.


Original article by Kim Zetter.
Read the full story here.

Latest News
    How Do We Know What We Know? Making Sure You Can Understand What Happened in an Incident. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Until I reclined on my front yard, looking at the sky, following the instructions on how not to look […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    President Biden recently signed a bill tasking the agency with evaluating the unique risks that schools face… An article review. Taking note of the unique challenges educational institutions face in securing their networks, President Biden has signed a bill into law directing the Cybersecurity and Infrastructure Security Agency (CISA) to look into ways that they can […]
    Thanks for being interested in our Technology Planning Webinars! This year‘s annual update to our annual Technology Planning webinar will include a panel discussion, a review of the previous years’ movies that are already available, and a discussion about alternative tactics that have arisen from recent conferences as well as the impact of the AIO […]
    Welcome Cybersecurity Conference Attendees! Thanks for joining us for the Cybersecurity Conference today! We have created this page for you to have access to the deliverables from Dan’s talk.  
    What you need to know for compliance coast-to-coast. Back in 2020 we posted an article containing links to data breach laws from each state, and it has proven to be one of our more popular posts.  Because laws surrounding the use (and abuse) of technology are always evolving, we thought it was worth taking another […]
    Why It Rhymes With SEEM (And its Not the I Before E Rule) Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . It’s the Gestalt. The idea that the whole is greater than the sum of it’s parts. That’s not something that is often brought […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]