Tennessee Electric Co. (TEC) is seeking $2 million in punitive damages plus compensatory judgment of more than $190,000 for an alleged unauthorized funds transfer last year from its TriSummit Bank account.
When contacted for a response, TriSummit Bank Chairman and Chief Executive Officer R. Lynn Shipley Jr. made the following statement:
“It is a well-known fact that cybercrimes are a rampantly growing threat to individuals and businesses worldwide. I am proud to report that TriSummit Bank’s systems, including Internet banking and treasury management systems, have never been breached since our founding six years ago. Further, TriSummit Bank’s security procedures have always met or exceeded industry standards. It’s also important to note that neither our bank nor any other financial institution can control the Internet, or whether or not the customer utilizes up-to-date anti-virus software, or whether the customer’s employees properly follow security procedures. I want to assure our clients, investors, employees and the public that TriSummit Bank will vigorously defend itself against the allegations set forth by (TEC).”
The situation that evolved into the lawsuit first surfaced last spring in the blog report “KrebsOnSecurity.com ” written by former Washington Post reporter Brian Krebs.
According to the lawsuit, TEC and bank officials entered into a banking agreement in October 2010 that would give the contractor the ability to originate and receive Automated Clearing House transactions via personal computer.
In February 2012, TEC and bank officials met to verify telephone confirmation would be used by the bank “to protect both parties from fraudulent transactions,” the lawsuit noted.
On May 8, 2012, TEC claimed it was unable to log on to the bank’s website using an Internet protocol address to upload weekly payroll files.
The next day, TEC received two phone calls during the lunch hour from a “Jim” who identified himself as being with the bank’s “IT Department” and told the contractor to log on to the bank’s website for online banking to determine if the site was fixed.
Just after 1 p.m., TEC alleged the bank had accepted an unauthorized $327,804 draft from TEC’s bank account going to 55 different deposit accounts in the U.S.
TEC did eventually get a phone call from the bank, but only after the bank had approved the fraudulent transaction, the lawsuit alleged.
Krebs told TEC officials the source of the account “hacking” might have come from Russia, the Ukraine or overseas.
The lawsuit stated the bank was able to recover some funds, but there was a net loss of more than $192,000.
TEC also alleged TriSummit tried to cover up its actions related to the unauthorized bank draft and refuses to cover the net loss.
TEC is a specialty contractor providing electrical, mechanical, maintenance and construction services in the Southern, Eastern and Midwest U.S.