Beginning on November 9th, cyberthieves transferred $801,495 from Hillary Machinery Inc.’s PlainsCapital bank account. Once alerted to the issue, PlainsCapital recovered nearly $600,000 of the missing funds. Following a letter from Hillary representatives demanding the rest of the money be replaced, PlainsCapital decided to sue its customer in federal court saying that Hillary’s security posture was at fault and the breach made PlainsCapital look unfavorable to the public. PlainsCapital claimed that it did not breach any of its obligations under its commercial agreement with Hillary and that the wire transfers were not by fault of the bank, as they were made by someone who accessed Hillary’s account information through Hillary’s own computer systems. While Hillary acknowledges that the cyberattack occurred after someone acquired the company’s Internet banking user name and password and logged into its account, they have not yet determined how exactly this happened.
Recent updates to this story include that Hillary Machinery is filing a counter-lawsuit against PlainsCapital. A situation like this has been a long time coming and will have very broad and powerful implications for the banking industry and its customers. Every sized organization should be thinking about what has happened here. What does your contract with your bank look like? Does it mention you having the responsibility to take reasonable caution? Does it imply that your bank is responsible for any breach? Is it mentioned that it’s the bank’s responsibility to identify every transfer of funds as being done by the appropriate sources? The implications of this case are far-reaching and the outcome could permanently change the way corporations and banks interact.
Read the full article of this summary and analysis here: PlainsCapital Suing Hillary Machinery