According to a statement released by Town of Poughkeepsie Supervisor Pat Myers, Town of Poughkeepsie bank accounts were hacked on January 12, 2010, and four unauthorized transfers totaling $378,000 were made from the TD Bank account and deposited in banks in the Ukraine. These transactions were discovered the next day and the bank was immediately notified of this activity. The police were called in to investigate.

While $95,000 is stated to have been recovered, what about the rest?

The silence from TD Bank officials is deafening.

It is reasonable to assume the bank would question 9 transfer authorizations on the Town’s accounts to depositories in the Ukraine. A reasonable person might conclude that under the circumstances TD Bank would make the depositor whole.

But in an eerily similar case PlainsCapital Bank declined to refund unrecovered money and sued Hillary Machinery, Inc., the depositor, in the US District Court for the Eastern District of Texas. (See PlainsCapital Bank v.Hillary Machinery, Inc., Case 4:09-cv-00653-MHS-ALM) The Bank asked the court to certify that its security procedures were "commercially reasonable”, that the wire transfer orders were accepted in good faith and that the bank had not breached its agreement with the victimized depositor.

Banks used to have safes. When they did, they were responsible for protecting what was in that safe. Now that the money is kept in cyberspace, they should have the same obligation to protect that money. If banks can limit their liability just because Jesse James uses a Zbot instead of a gun then banks really are giving their commercial customers a false sense of security.