A federal appeals court this week overturned a lower court ruling, which had ruled that Ocean Bank was not legally responsible for the breach of Patco Construction’s bank account by Zeus-wielding cyber thieves.
In May 2009, Patco, a Sanford, Maine-based construction company, filed a lawsuit against Ocean Bank for failing to protect its accounts from cyber thieves who used the Zeus trojan to steal $588,000 in fraudulent automated clearing house (ACH) transfers.
Patco was able to recover $230,000 of the stolen funds, but sued Ocean Bank for failing to detect and prevent the bogus transfers. The bank filed a motion to dismiss the lawsuit.
The appeals court said that Ocean Bank, which was subsequently acquired by People’s United Bank, failed to take appropriate action when its security system flagged six related transactions as being likely fraudulent.
The appeals court did not award Patco any money, but instead advised the parties “to consider whether it would be wiser to invest their resources in resolving this matter by agreement.”