Tennessee firm blames bank for $193K cybertheft

TEC Industrial sues TriSummit bank for failing to spot fraudulent wire transfers.

A lawsuit filed in Tennessee earlier this month has resurfaced questions about a bank's responsibility in protecting customers against cyberheists.

TEC Industrial Maintenance & Construction (formerly Tennessee Electric Company) is seeking to recover about $193,000 that was stolen from its bank account by a gang of Russian cyberthieves in May 2012.

In a lawsuit, the company blamed its financial institution, Trisummit Bank, for the loss and claimed the theft happened only because the bank failed to follow agreed upon security practices. The lawsuit accuses TriSummit of negligence, breach of contract and fraud.

Details of the lawsuit were first reported by security blogger Brian Krebs on Wednesday.

The TEC case is similar to several lawsuits in recent years involving banks and corporate victims of online theft.

Like the others, the theft at TEC appears to have happened after hackers stole the login credentials used by the company to access its bank account.

The hackers then used that access to illegally initiate wire transfers to as many as 55 accounts around the country. The transferred amounts ranged from $500 to $11,000 and totaled more than $327,800.

After the fraud was discovered, TriSummit Bank managed to recover about $135,000 of the illegally transferred funds, leaving TEC short $193,000. The bank gave TEC the money that it recovered, but did not compensate the company for the full amount that was stolen.

In its lawsuit, TEC blamed TriSummit for the loss.

The company claimed that TriSummit should have spotted the fraudulent transactions because they were highly unusual and involved sums and bank accounts that were completely untypical for TEC.

The lawsuit also noted that the bank typically would call TEC to verify wire transfers before executing them but in these cases did not do so.

Neither TEC nor TriSummit responded to a Computerworld request for comment.

In the other cases, banks have argued that they cannot be held responsible if someone illegally uses a customer's valid login credentials to initiate wire transfer requests. They have argued that it is the customer's responsibility to adequately protect the username and password to corporate bank accounts.

Courts have been split on the issue. In June, the U.S. Court of Appeals for the Eight Circuit ruled in favor of the bank in a case involving an escrow firm that suffered a cybertheft similar to the one that hit TEC.

The appeals court held that the bank had acted in good faith when it executed several money transfer orders that appeared to come from the escrow firm but in fact were initiated by crooks. The court rejected the escrow firm's claims that the bank should have spotted the fraudulent transactions, and instead said the theft occurred because the firm had failed to follow the bank's security advice.

However, the Court of Appeals for the First Circuit ruled in favor of the victim in a similar case involving a Maine-based construction company. In that case, a three-judge panel overturned a lower court ruling and held that the bank was responsible for the breach because it had failed to implement reasonable security measures. The two parties later settled the case.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Cybercrime and HackingFinancial ITsecurity

More about TECTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place