Settlement Reached in Data Security Breach Lawsuit Against Bank
Yesterday, Village View, Inc. reached a settlement with Professional Business Bank, a California state-chartered bank subject to regulation by the Federal Deposit Insurance Corporation (FDIC), over the company’s lawsuit against the bank arising from a data security breach. In March 2010, Village View lost nearly $400,000 after the company’s bank account was compromised by hackers. The company brought suit against Professional Business Bank alleging, among other claims, that the bank failed to comply with the Federal Financial Institutions Examination Council’s (FFIEC) authentication guidance from 2005 and other FDIC guidance on identify theft. Specifically, Village View’s complaint alleged that the bank used only single factor authentication as opposed to multifactor authentication required by the FFIEC guidance. The company announced that the settlement amount included the full amount of lost funds plus interest from the bank.
The lawsuit and settlement are noteworthy insofar they underscore the potential significance of the FFIEC guidance, including the FFIEC’s release in 2011 of a supplement to its authentication guidance, to mitigate both regulatory and litigation risk.