On January 21, 2015, Travelers Casualty and Surety of America (Travelers) sued Ignition Studio Inc. (Ignition) based on professional negligence and breach of contract claims in the District Court for the Northern District of Illinois. Travelers filed the action based on its subrogated interest and on behalf of its insured, Alpine Bank. Ignition was hired to design and service Alpine’s website. However, the complaint alleges that Ignition “negligently allowed one or more hackers to access Alpine Bank’s website through lax Internet security on the server where the website was hosted. Because of Defendant’s negligence, Alpine Bank had to expend substantial funds to comply with data breach notification obligations.” The complaint also seeks damages related to the significant funds to notify bank customers of the unauthorized access to their private information.” Count I of the complaint, entitled professional negligence, asserts Ignition breached its duty to perform website maintenance and servicing work. Count II of the complaint, entitled breach of contract, asserts Ignition breached its agreement with Alpine to provide maintenance for Alpine’s website.

The data breach was first reported in September 2012 when Alpine bank notified a small number of its customers that their social security numbers and account numbers may have been compromised. Alpine also informed their customers to be cautious and monitor their credit and other financial accounts. Additionally, Alpine provided affected customers with one year of free credit monitoring.

Alpine Bank has less than 20 branches in northern Illinois. It is not a Home Depot, Target or Sony. Thus, data breaches are no longer just a concern for large retailers or other large corporations. Rather, hackers are targeting smaller, regional businesses. These smaller-scale hacks can be just as devastating to smaller corporations as the larger hacks are to larger businesses. Even more devastating is the fact that a smaller business may not have proper protection or insurance in place. Admittedly, banks have been the best prepared against data breaches. Unfortunately, it is only a matter of time before we see hacks take place at smaller businesses that are not as well-equipped to handle these attacks.