Tenn. Power Company Suing Bank Over Cyber Heist

August 13, 2014

An industrial maintenance and construction firm in Tennessee is suing its bank to recover $327,000 in stolen funds, according to a Krebs On Security report. If the lawsuit proceeds to trial, it could be easier and cheaper for cyber attack victims to recover losses.

According to Krebs On Security: “In May, 2012, Kingsport, Tenn.-based Tennessee Electric Company Inc. (now TEC Industrial) was the target of a corporate account takeover that saw cyber thieves use a network of more than four dozen money mules to siphon $327,804 out of the company’s accounts at TriSummit Bank.”

While the bank was able to recover roughly $135,000 of those unauthorized transfers, Tennessee Electric was on the hook for the rest. This month, the company sued TriSummit in state court, alleging negligence, breach of contract, gross negligence and fraudulent concealment.

Tennessee Electric alleges that the bank only called to seek approval for the fraudulent payroll draft a day after having approved it, and after security blogger Brian Krebs (of Krebs On Security) alerted them to the heist.

According to Krebs’ report on his blog: “This lawsuit, if it heads to trial, could help set a more certain and even standard for figuring out who’s at fault when businesses are hit by cyberheists (for better or worse, most such legal challenges are overwhelmingly weighted toward banks and quietly settled for a fraction of the loss).”

While consumers who bank online are protected by Regulation E’s limits on liability for customers losing money through unauthorized account activity, businesses do not have the same protections. The Uniform Commercial Code (UCC) holds that a payment order received by a bank is “effective as the order of the customer, whether or not authorized, if the security procedure is a commercially reasonable method of providing security against unauthorized payment orders, and the bank proves that it accepted the payment order in good faith and in compliance with the security procedures and any written agreement or instruction of the customer restricting acceptance of payment orders issued in the name of the name of the customer.”

States across the U.S. have adopted this code, and interpretations mean that the most a business can hope to recover is the amount stolen in a cyber attack – often making it unfeasible to sue the bank and incur litigation fees, the report says.

In this webinar, we review the results of a benchmark study that asked security professionals about their past, present and future outlook on manned guarding. Want to know what your peers are saying about their weekly billed hours? Join us to find out!

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Poll

Comparison Metrics

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Tenn. Power Company Suing Bank Over Cyber Heist

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Tenn. Power Company Suing Bank Over Cyber Heist

Related Articles

Related Products

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.