{"id":244701,"date":"2026-05-12T17:18:00","date_gmt":"2026-05-12T21:18:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/12\/when-your-vendors-breach-becomes-your-lawsuit-privacy-risk-lessons-from-recent-bank-litigation-fbt-gibbons-llp\/"},"modified":"2026-05-12T17:45:06","modified_gmt":"2026-05-12T21:45:06","slug":"when-your-vendors-breach-becomes-your-lawsuit-privacy-risk-lessons-from-recent-bank-litigation-fbt-gibbons-llp","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/12\/when-your-vendors-breach-becomes-your-lawsuit-privacy-risk-lessons-from-recent-bank-litigation-fbt-gibbons-llp\/","title":{"rendered":"When Your Vendor\u2019s Breach Becomes Your Lawsuit: Privacy Risk Lessons from Recent Bank Litigation | FBT Gibbons LLP"},"content":{"rendered":"<p><a href=\"https:\/\/www.jdsupra.com\/legalnews\/when-your-vendor-s-breach-becomes-your-8586080\/\">When Your Vendor\u2019s Breach Becomes Your Lawsuit: Privacy Risk Lessons from Recent Bank Litigation | FBT Gibbons LLP<\/a><\/p>\n<p><a href=\"https:\/\/www.jdsupra.com\/legalnews\/when-your-vendor-s-breach-becomes-your-8586080\/\">https:\/\/www.jdsupra.com\/legalnews\/when-your-vendor-s-breach-becomes-your-8586080\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-12 17:18:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.jdsupra.com\">www.jdsupra.com<\/a><\/p>\n<p>A recent high-profile incident illustrates the growing litigation and regulatory risks that financial institutions face from vendor-driven data breaches. Within weeks of a national bank confirming a data security incident at a third-party service provider, at least two putative class actions were filed, though none of the alleged conduct appears to have occurred within the bank itself. According to public reporting, the intrusion took place at a third-party vendor; yet the bank, not the vendor, is now defending negligence, breach of fiduciary duty, breach of implied contract, and unjust enrichment claims on behalf of a putative nationwide class.<\/p>\n<p>The bank matter is the latest \u2014 but likely not the last \u2014 reminder that, from a cybersecurity and litigation standpoint, a financial institution\u2019s perimeter is not where its servers end; rather, it extends to wherever its data resides. For bank general counsel (GCs), chief technology officers (CTOs), chief information officers (CIOs), chief information security officers (CISOs), and compliance officers (COs), this litigation validates three distinct but interlocking risks worth re-examining: (1) vendor risk management, (2) litigation exposure under evolving theories of liability, and (3) regulatory compliance with the Interagency Guidelines Establishing Information Security Standards (\u201cGuidelines\u201d)[1] issued under the Gramm-Leach-Bliley Act (GLBA), plus the rapidly expanding patchwork of state data security and consumer privacy laws.<\/p>\n<h2>The Fact Pattern Banks Should Recognize<\/h2>\n<p>The publicly reported allegations follow a familiar pattern. A threat actor compromises a service provider that processes or stores customer data on the bank\u2019s behalf. The bank itself is not compromised, but its customers\u2019 non-public personal information (NPI) \u2014 names, addresses, account numbers, Social Security numbers, drivers\u2019 license numbers, and dates of birth \u2014 is exfiltrated.[2] The bank investigates, notifies regulators&#8230;<\/p>\n<p><a href=\"https:\/\/www.jdsupra.com\/legalnews\/when-your-vendor-s-breach-becomes-your-8586080\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When Your Vendor\u2019s Breach Becomes Your Lawsuit: Privacy Risk Lessons from Recent Bank Litigation |&#8230;<\/p>\n","protected":false},"author":1,"featured_media":244703,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/jdsupra-static.s3.amazonaws.com\/profile-images\/og.16362_3110.png","fifu_image_alt":"","footnotes":""},"categories":[16],"tags":[30],"class_list":["post-244701","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-privacy","tag-breach"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244701"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=244701"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244701\/revisions"}],"predecessor-version":[{"id":244705,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244701\/revisions\/244705"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/244703"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=244701"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=244701"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=244701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}