Shostack + Friends Blog Archive


Failure to Notify Leads to Liability in Germany

…a Bad Homburg business man won millions in damages in a suit against the [Liechtenstein] bank for failing to reveal that his information was stolen along with hundreds of other account holders and sold to German authorities for a criminal investigation. He argued that if the bank had informed those on the list that their data had been sold, they could have turned themselves in, receiving temporary amnesty and much lower fines. (“Taxman rakes in hundreds of millions thanks to stolen bank data“,

The decision was by the Liechtenstein high court. If anyone knows the details of the case (what duty was violated), I’d appreciate knowing more. Was it a violation of Liechtenstein bank secrecy law, or a general duty to disclose?

Via the web hacking incident database and “German Government Pays Hacker For Stolen Bank Account Data” at TacticalWebAppSec.