When a data breach occurs, the guilty party—a fraudster or criminal syndicate— is often nowhere to be found. Who bears the loss from a breach perpetrated by a fraudster: the consumer whose data was compromised, the financial institution where the data was used, or the business that failed to protect the data? Often, the loss initially falls on the financial institution through account or card agreement provisions or deadlines imposed by statutes or regulations. Can a financial institution recover these losses from a business with whom it has no contract? This depends on which law applies.
Continue Reading Recovering Data Breach Losses from Non-Contractual Parties

MICROS, a point-of-sale (POS) payment systems vendor owned by Oracle, has suffered a malware attack according to security news site KrebsOnSecurity reported August 8, 2016.  MICROS is one of the three largest POS systems used globally by many companies in the retail and hospitality industry. It appears that Carbanak (aka Anunak), a Russian cybercriminal gang known to hack into retailers, penetrated up to 700 computer systems at Oracle, also compromising a customer support portal for companies using Oracle’s MICROS POS credit card payment systems.
Continue Reading MICROS POS Systems Exposed By Malware Attack Which Targets Retail Merchants