Essilor Manufacturing has sued JP Morgan, alleging the bank ignored suspicious activity which culminated in cyber criminals stealing $272m.
According to reports, the French manufacturer of Ray-Ban sunglasses claimed the bank failed to notify it of suspicious activity in its New York bank account.
In papers filed at a federal court in Manhattan, the manufacturer said there was a huge increase in the volume of money transacted, as well as money being sent to shell companies in countries seen as high-risk.
“The fraudulent transfers were all made in round dollar amounts (i.e., no cents), which was a dramatic departure from prior periods where round dollar transfers were relatively infrequent,” Essilor Manufacturing said.
According to a Bloomberg report, Essilor has recovered all but $100m of the stolen money, an amount it said was “costly and burdensome”.
JP Morgan is one of the world’s biggest banks, with a huge IT budget. Speaking at a recent event, Ziv Gafni, who is head of digital strategy, fintech and markets innovation at JP Morgan, said the bank invests about $12bn a year in technology.
A large proportion of any bank’s IT spend goes on security, but criminals still find their way around defences.
Gareth Lodge, analyst at Celent, said banks could build trust by improving activity monitoring. “There is an opportunity for banks to differentiate, by doing extra checks, providing training etc. Given how widespread [the problem] is, it should also be something banks should work together on.”
Rik Turner, cybersecurity analyst at Omdia, said he is not surprised. "The US is a very litigious society, and breaches have led to lawsuits before. I think there have even been some class actions representing many hundreds of individual customers. There have certainly been plenty of lawsuits against retailers etc."
"I don’t actually remember a lawsuit specifically against a bank for a breach, but it seems perfectly logical that such action should be taken, and indeed, I would expect to see even more of this going forward."
Read more about hackers and cyber crime prevention
- Hackers operating under the Anonymous banner claim to have stolen more than 35,000 sensitive files from the Central Bank of Russia as part of its cyber war against the Russian state.
- Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims.
- US president Joe Biden has urged critical infrastructure owners and operators to “accelerate efforts to lock their digital doors” in warning over potential cyber attacks from Russia.
Banks are also under the spotlight as a result of failures to spot suspicious activity on their networks. For example, banks have received huge fines from regulators for failing to identify and prevent money laundering by criminals.
According to research published last year by business-to-business information services company Kyckr, 28 financial institutions across the globe were fined for AML-related violations in 2020, equating to roughly £2.6bn.
The UK has the second-highest amount of money laundered globally, with an estimated £88bn cleaned by criminals each year.