SlideShare a Scribd company logo
1 of 12
How many of you have been the
victims of a data breach?
Most Americans have had their data compromised in one form or another
• FTC states 143 million American consumers’ personal information
was exposed in the recent Equifax Data Breach.
What This
Case Is About….
• Whether Border Insurance committed
a breach of contract by denying Bank
of Nation’s claims.
• Whether Border Insurance was liable
for negligence by not preventing the
data breach
Timeline of events:
Let’s Look at the Facts....
Border Insurance’s defense rests upon the following
contract language:
Our liability “does not cover malware
attacks if any evidence suggests that the
source of an IP could be related to a
company’s employee either by information
found in databases, or by other means.”
Continued....
● Bank of Nations claims for reimbursement were denied
○ Border Insurance claims malware originated from an IP address associated with Bank of
Nations - an IP address is NOT a reliable way of establishing identity
○ Border Insurance explicitly stated that “it was unknown if an employee created the virus”
- demonstrates their investigation findings were inconclusive
● No evidence that the IP address presented by the malware was not spoofed
○ IP Spoofing is a commonly used to obscure the true origin of a communication, especially to
hide criminal and malicious activity
No proof of origin established in the malware attack
Cybersecurity failures caused excessive
harm to numerous parties
● Border Insurance had an obligation to Bank of Nations to adequately protect the
bank’s IT infrastructure
○ Bank of Nations’ international operation meant a significant amount of sensitive information
relied upon this protection
● Border Insurance breached that obligation by failing to adhere to standards
○ Malware entered network undetected by Border’s security
○ Malware actively operated on network for 30+ days without Border Insurance recognizing infection
● Border Insurance's negligence has caused Bank of Nations and its customers
around the world to suffer economic losses
Continued....
What Does the
Law State?
• AF holdings v. Rogers
• “Due to the risk of ‘false positives,’” an IP
Address alone cannot be used as a method
of identification
• Manny Films, LLC v. John Doe
• “...An IP address is not a definitive way to
identify the individual who is using the IP
at the time.”
• Lone Star Bank v. Heartland Payment Systems
• “The issuing banks had a valid negligence
claim against Heartland for its
cybersecurity failures and that, if proven,
they could recover their consequential
damages from Heartland.”
What Does the
Law State?
•Requirements for Negligence:
Duty is owed to the plaintiff by
the defendant
Breach of the Duty
Injury: The plaintiff suffers harm
Causation: The defendant caused
the harm to occur
What does this mean?
● Border Insurance’s conclusion that the malware was of internal origin,
self-admittedly, cannot be validated
● IP addresses cannot be used as proof of identification
● Claims cannot be denied based upon unverifiable assumptions
● Therefore, not paying the claim would constitute a breach of
contract
What does this mean?
● Duty owed - Border Insurance was tasked with protecting Bank of Nations’ IT
infrastructure
● Breach of duty - Border Ins. failed to protect Bank of Nations by enabling malware to
enter into and reside on their network for greater than 30 days
● Injury - Bank of Nations has incurred significant financial losses internationally related
to the reimbursement of affected customers, as well as damage to their public image
● Causation - Systems implemented by Border Ins. were insufficient to prevent such an
attack
Therefore, Border Insurance was negligent in their practice
and should be held liable for damages incurred
AF Holdings v. Rogers. Case No. 12cv1519 BTM(BLM) (United States District Court, S.D. California. (January 23, 2013)
Federal Trade Commission. (2017, 11 26). The Equifax Data Breach. Retrieved from Federal Trade Commission: https://www.ftc.gov/equifax-data-breach
Identity Theft Resource Center. (2017, 11 22). Data Breaches. Retrieved from Identity Theft Resource Center: http://www.idtheftcenter.org/Data-Breaches/data-breaches
Lone Star National Bank, N.A.; Amalgamated Bank; First Bankers Trust Company, National Association; Pennsylvania State Employees Credit Union; Elevations Credit Union; O Bee
Credit Union;
Seaboard Federal Credit Union v. Heartland Payment Systems, Inc. Case No. 12-20648 (United States Court of Appeals, Fifth Circuit September 3, 2013)
Manny Film, LLC v. John Doe, subscriber assigned IP address 66.229.140.101 Case No. 0:15-cv-60446 (U.S. Civil Court Records for the Southern District of Florida March 5, 2015)
References

More Related Content

What's hot

RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARTalwant Singh
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia LunaAviva Spectrum™
 
Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in GovernmentJacqueline Fick
 
Cybercrime | IT Secutiry
Cybercrime | IT SecutiryCybercrime | IT Secutiry
Cybercrime | IT SecutiryGranthamEdu
 
Social Media and the Law
Social Media and the LawSocial Media and the Law
Social Media and the LawLogikcull
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 febmharbpavia
 

What's hot (7)

RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWAR
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
 
Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in Government
 
Cybercrime | IT Secutiry
Cybercrime | IT SecutiryCybercrime | IT Secutiry
Cybercrime | IT Secutiry
 
Social Media and the Law
Social Media and the LawSocial Media and the Law
Social Media and the Law
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 feb
 

Similar to Bank of Nations vs. Border Insurance

The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityRachel Hamilton
 
Cyber for Beginners v2
Cyber for Beginners v2Cyber for Beginners v2
Cyber for Beginners v2Kenny Boddye
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Shawn Tuma
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachDawn Yankeelov
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Michael C. Keeling, Esq.
 
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionCyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionJoe Nathans
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareNationalUnderwriter
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
The Ugly Secret about Third Party Risk Management.pptx
The Ugly Secret about Third Party Risk Management.pptxThe Ugly Secret about Third Party Risk Management.pptx
The Ugly Secret about Third Party Risk Management.pptxBreachSiren
 
The Ugly Secret about Third Party Risk Management.pdf
The Ugly Secret about Third Party Risk Management.pdfThe Ugly Secret about Third Party Risk Management.pdf
The Ugly Secret about Third Party Risk Management.pdfBreachSiren
 
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitThe Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitShawn Tuma
 
Cyber Claims Insight
Cyber Claims InsightCyber Claims Insight
Cyber Claims InsightGraeme Cross
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006JNicholson
 
Cyber Liability - Insurance Risk Management and Preparation
Cyber Liability - Insurance Risk Management and PreparationCyber Liability - Insurance Risk Management and Preparation
Cyber Liability - Insurance Risk Management and PreparationEric Reehl
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarDon Grauel
 
Scott Moulton scanning case RE: U.S.D.C. Georgia NMAP
Scott Moulton scanning case  RE: U.S.D.C. Georgia   NMAPScott Moulton scanning case  RE: U.S.D.C. Georgia   NMAP
Scott Moulton scanning case RE: U.S.D.C. Georgia NMAPDavid Sweigert
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyIFLP
 

Similar to Bank of Nations vs. Border Insurance (20)

The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
 
Cyber for Beginners v2
Cyber for Beginners v2Cyber for Beginners v2
Cyber for Beginners v2
 
Cloud Security Law Issues--an Overview
Cloud Security Law Issues--an OverviewCloud Security Law Issues--an Overview
Cloud Security Law Issues--an Overview
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionCyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive Discussion
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber Warfare
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
The Ugly Secret about Third Party Risk Management.pptx
The Ugly Secret about Third Party Risk Management.pptxThe Ugly Secret about Third Party Risk Management.pptx
The Ugly Secret about Third Party Risk Management.pptx
 
2_CyberSecurity_2d_ARMA_IG_Panel_7-14-15
2_CyberSecurity_2d_ARMA_IG_Panel_7-14-152_CyberSecurity_2d_ARMA_IG_Panel_7-14-15
2_CyberSecurity_2d_ARMA_IG_Panel_7-14-15
 
The Ugly Secret about Third Party Risk Management.pdf
The Ugly Secret about Third Party Risk Management.pdfThe Ugly Secret about Third Party Risk Management.pdf
The Ugly Secret about Third Party Risk Management.pdf
 
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitThe Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
 
IDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By WrfIDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By Wrf
 
Cyber Claims Insight
Cyber Claims InsightCyber Claims Insight
Cyber Claims Insight
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006
 
Cyber Liability - Insurance Risk Management and Preparation
Cyber Liability - Insurance Risk Management and PreparationCyber Liability - Insurance Risk Management and Preparation
Cyber Liability - Insurance Risk Management and Preparation
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
 
Scott Moulton scanning case RE: U.S.D.C. Georgia NMAP
Scott Moulton scanning case  RE: U.S.D.C. Georgia   NMAPScott Moulton scanning case  RE: U.S.D.C. Georgia   NMAP
Scott Moulton scanning case RE: U.S.D.C. Georgia NMAP
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data Privacy
 

More from Taylor Wilson

More from Taylor Wilson (7)

The Cask of Amontillado
The Cask of AmontilladoThe Cask of Amontillado
The Cask of Amontillado
 
Overcoming Inertia
Overcoming InertiaOvercoming Inertia
Overcoming Inertia
 
Employee Training
Employee Training Employee Training
Employee Training
 
Decision Making Styles
Decision Making StylesDecision Making Styles
Decision Making Styles
 
Strategy Presentation
Strategy PresentationStrategy Presentation
Strategy Presentation
 
The parachute
The parachuteThe parachute
The parachute
 
Mormonism
MormonismMormonism
Mormonism
 

Recently uploaded

一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理bd2c5966a56d
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)Delhi Call girls
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxadvabhayjha2627
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYJulian Scutts
 
一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理Airst S
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfKelechi48
 
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理A AA
 
Hely-Hutchinson v. Brayhead Ltd .pdf
Hely-Hutchinson v. Brayhead Ltd         .pdfHely-Hutchinson v. Brayhead Ltd         .pdf
Hely-Hutchinson v. Brayhead Ltd .pdfBritto Valan
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...Finlaw Associates
 
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...SUHANI PANDEY
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargainingbartzlawgroup1
 
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理F La
 
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理e9733fc35af6
 
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Dr. Oliver Massmann
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersJillianAsdala
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsAurora Consulting
 
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理ss
 
Elective Course on Forensic Science in Law
Elective Course on Forensic Science  in LawElective Course on Forensic Science  in Law
Elective Course on Forensic Science in LawNilendra Kumar
 
Interpretation of statute topics for project
Interpretation of statute topics for projectInterpretation of statute topics for project
Interpretation of statute topics for projectVarshRR
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理e9733fc35af6
 

Recently uploaded (20)

一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
 
一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdf
 
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
 
Hely-Hutchinson v. Brayhead Ltd .pdf
Hely-Hutchinson v. Brayhead Ltd         .pdfHely-Hutchinson v. Brayhead Ltd         .pdf
Hely-Hutchinson v. Brayhead Ltd .pdf
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
 
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargaining
 
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理
 
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
 
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
 
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
 
Elective Course on Forensic Science in Law
Elective Course on Forensic Science  in LawElective Course on Forensic Science  in Law
Elective Course on Forensic Science in Law
 
Interpretation of statute topics for project
Interpretation of statute topics for projectInterpretation of statute topics for project
Interpretation of statute topics for project
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
 

Bank of Nations vs. Border Insurance

  • 1.
  • 2. How many of you have been the victims of a data breach? Most Americans have had their data compromised in one form or another • FTC states 143 million American consumers’ personal information was exposed in the recent Equifax Data Breach.
  • 3. What This Case Is About…. • Whether Border Insurance committed a breach of contract by denying Bank of Nation’s claims. • Whether Border Insurance was liable for negligence by not preventing the data breach
  • 5. Let’s Look at the Facts.... Border Insurance’s defense rests upon the following contract language: Our liability “does not cover malware attacks if any evidence suggests that the source of an IP could be related to a company’s employee either by information found in databases, or by other means.”
  • 6. Continued.... ● Bank of Nations claims for reimbursement were denied ○ Border Insurance claims malware originated from an IP address associated with Bank of Nations - an IP address is NOT a reliable way of establishing identity ○ Border Insurance explicitly stated that “it was unknown if an employee created the virus” - demonstrates their investigation findings were inconclusive ● No evidence that the IP address presented by the malware was not spoofed ○ IP Spoofing is a commonly used to obscure the true origin of a communication, especially to hide criminal and malicious activity No proof of origin established in the malware attack
  • 7. Cybersecurity failures caused excessive harm to numerous parties ● Border Insurance had an obligation to Bank of Nations to adequately protect the bank’s IT infrastructure ○ Bank of Nations’ international operation meant a significant amount of sensitive information relied upon this protection ● Border Insurance breached that obligation by failing to adhere to standards ○ Malware entered network undetected by Border’s security ○ Malware actively operated on network for 30+ days without Border Insurance recognizing infection ● Border Insurance's negligence has caused Bank of Nations and its customers around the world to suffer economic losses Continued....
  • 8. What Does the Law State? • AF holdings v. Rogers • “Due to the risk of ‘false positives,’” an IP Address alone cannot be used as a method of identification • Manny Films, LLC v. John Doe • “...An IP address is not a definitive way to identify the individual who is using the IP at the time.” • Lone Star Bank v. Heartland Payment Systems • “The issuing banks had a valid negligence claim against Heartland for its cybersecurity failures and that, if proven, they could recover their consequential damages from Heartland.”
  • 9. What Does the Law State? •Requirements for Negligence: Duty is owed to the plaintiff by the defendant Breach of the Duty Injury: The plaintiff suffers harm Causation: The defendant caused the harm to occur
  • 10. What does this mean? ● Border Insurance’s conclusion that the malware was of internal origin, self-admittedly, cannot be validated ● IP addresses cannot be used as proof of identification ● Claims cannot be denied based upon unverifiable assumptions ● Therefore, not paying the claim would constitute a breach of contract
  • 11. What does this mean? ● Duty owed - Border Insurance was tasked with protecting Bank of Nations’ IT infrastructure ● Breach of duty - Border Ins. failed to protect Bank of Nations by enabling malware to enter into and reside on their network for greater than 30 days ● Injury - Bank of Nations has incurred significant financial losses internationally related to the reimbursement of affected customers, as well as damage to their public image ● Causation - Systems implemented by Border Ins. were insufficient to prevent such an attack Therefore, Border Insurance was negligent in their practice and should be held liable for damages incurred
  • 12. AF Holdings v. Rogers. Case No. 12cv1519 BTM(BLM) (United States District Court, S.D. California. (January 23, 2013) Federal Trade Commission. (2017, 11 26). The Equifax Data Breach. Retrieved from Federal Trade Commission: https://www.ftc.gov/equifax-data-breach Identity Theft Resource Center. (2017, 11 22). Data Breaches. Retrieved from Identity Theft Resource Center: http://www.idtheftcenter.org/Data-Breaches/data-breaches Lone Star National Bank, N.A.; Amalgamated Bank; First Bankers Trust Company, National Association; Pennsylvania State Employees Credit Union; Elevations Credit Union; O Bee Credit Union; Seaboard Federal Credit Union v. Heartland Payment Systems, Inc. Case No. 12-20648 (United States Court of Appeals, Fifth Circuit September 3, 2013) Manny Film, LLC v. John Doe, subscriber assigned IP address 66.229.140.101 Case No. 0:15-cv-60446 (U.S. Civil Court Records for the Southern District of Florida March 5, 2015) References