Consumer Financial Services Alert - August 9, 2011

Court Recognizes "Commercial Reasonableness" In Finding For Bank In Data Security Breach Case

People's United Bank, the nation's largest regional bank headquartered in New England, won a key victory in a data security breach case that had been followed for two years by the national banking associations, as well as by American Banker and other industry publications.

Patco Construction Company Inc., a commercial customer of the bank, brought suit alleging that the bank was responsible when third-party cybercriminals allegedly breached Patco's computer system, stealing passwords and challenge question answers allegedly through the use of keylogging malware, and executed a series of fraudulent withdrawals from Patco's checking account. Patco filed suit against People's United in 2009, alleging negligence, breach of contract, breach of fiduciary duty, unjust enrichment and conversion.

In May 2011, Magistrate Judge John Rich recommended that the court grant People's United's motion for summary judgment on all six counts and deny Patco's cross-motion for summary judgment. In a detailed, 70-page opinion, Rich found that People's United had "demonstrated that the security procedures that it had in place as of May 2009 were commercially reasonable" under Article 4A of the UCC and that the rest of Patco's claims were preempted. On August 3, 2011, Judge Brock Hornby upheld the Magistrate's recommendation.

"This was one of the first cases of its kind in the United States to deal with online hacking of bank accounts," said Goodwin partner Brenda Sharton, who led the litigation team representing People's United "People's United Bank's online banking security system is state of the art and among the best in use. Through this decision, the court recognized the commercial reasonableness of that system under the law." You can contact Brenda at 617.570.1214 to discuss this case.

Click here for the Magistrate's opinion.

CFPB Issues Interim Final Rule On Investigations

The Consumer Financial Protection Bureau issued an interim final rule that establishes its procedures for conducting investigations. The rule specifies procedures for civil investigative demands (similar to subpoenas), written reports and answers to questions (similar to interrogatories), and investigational hearings (similar to depositions). The rule went into effect on July 28, 2011, and comments must be received by September 26, 2011. Click here for the rule.

CFPB Issues Interim Final Rule on...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT