Tennessee Electric Company Inc. (now TEC Industrial) was recently hit by a devastating cyber-attack that initially cost the company $327,000. Once TEC realized what had happened, it notified its bank, TriSummit Bank, which was able to recover $135,000, leaving TEC on the hook for approximately $193,000.
According to Krebs On Security, “Tennessee Electric alleges that the bank only called to seek approval for the fraudulent batch on May 10, more than a day after having approved it and after [Krebs] contacted Tennessee Electric to let them know they’d been robbed by the Russian cyber-mob.”
Whereas consumers who bank online are protected by Regulation E — which limits their liability for lost money from unauthorized account activity online like this — businesses like TEC Industrial do not enjoy such protections.
States nationwide have adopted the Uniform Commercial Code (UCC), which holds that a payment order received by the [bank] is “effective as the order of the customer, whether or not authorized, if the security procedure is a commercially reasonable method of providing security against unauthorized payment orders and the bank proves that it accepted the payment order in good faith and compliance with the security procedure and any written agreement or instruction of the customer restricting acceptance of payment orders issued in the name of the client.”
Regardless of the legal viability, TEC Industrial has sued TriSummit in state court, alleging negligence, breach of contract, gross negligence and fraudulent concealment.
It’s cases like these that illustrate exactly why it’s so important to understand that hackers can and will attack businesses both large and small, often in ways that will shift blame to larger entities or their banks. In the end, someone’s going to pay, and it’s rarely going to be the hacker.
Will it be you?
Don’t put up with the same risks that TEC Industrial and TriSummit did. Get in touch with Brainlink right away for expert security consultation services.