Blog: More than 100 Banks under Silent Siege
By John E. Lande and Howard O. Hagen, Dickinson Mackaman Tyler & Hagen P.C.
Last month, the New York Times revealed that a group of hackers infiltrated more than 100 banks and e-payment systems worldwide. Bloomberg followed up with a report that the hackers were able to steal more than $1 billion over the course of two years, starting in 2013. For two years, unbeknown to the banks, the attackers used malicious software to compromise bank cyber and surveillance systems.
This is the latest example in a string of high-profile cyberattacks on financial institutions. Our Dickinson Law blog has repeatedly covered the scope and magnitude of cyber-threats banks face, including:
- The threat posed by corporate account takeover and how banks could be liable for substantial losses from business accounts;
- Small banks and large banks are equally attractive targets for cybercriminals;
- Security flaws in Website security protocols can lead to disclosure of sensitive personal information that can be used to infiltrate financial accounts; and
- Organized attacks by quasi-state actors intended to gather information that can be used to infiltrate financial accounts.
The attack that was reported in February is particularly disturbing because it was ongoing from 2013 to the present. The fact that the attackers were able to avoid detection, even while ATMs were randomly dispensing cash, for two years should cause every financial institution to consider the adequacy of its security systems.
The day may come when banks are able to share responsibility for cybersecurity with retailers and other business groups. A recent ruling from a court in Minnesota in the litigation over Target’s 2013 data breach is a step toward this shared responsibility. However, for now banks will continue be on the frontline for cyberattacks.
The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.
John Lande is an associate attorney at Dickinson, Mackaman, Tyler, & Hagen P.C. His practice covers a range of commercial litigation matters and he also advises banks on issues related to cybersecurity, criminal investigations, fraud, confidentiality, insider transactions, mobile banking, collections and wire transfers. He writes regularly for Dickinson’s Iowa Banking Law Blog, where this article originally appeared. John can be reached at firstname.lastname@example.org.
Howard O. Hagen practices primarily in banking law. For more than 25 years he has counseled banks in virtually every Iowa county on such issues as regulation, acquisitions and various corporate and shareholder matters that have confronted banks in both good and troubled times. He can be reached at email@example.com.
In Blogs & Viewpoints, prepaid and emerging payments professionals share their perspectives on the industry. Paybefore endeavors to present many points of view to offer readers new insights and information. The opinions expressed are not necessarily those of Paybefore.