"Hillary Machinery was not required to secure PlainsCapital's Internet banking system to ensure that its funds were not stolen and was not required to ensure that true multifactor identification was employed by PlainsCapital to counteract the known threat posed by malware, phishing and pharming," the complaint noted. Hillary insisted that if PlainsCapital had used "commercially reasonable" security measures, the unauthorized transfers would have been found to be outside the norm for Hillary.
According to Owen, Hillary has no option but to defend itself against the earlier PlainsCapital lawsuit. "We asked them nicely in person to return our money," Owebs said. "They sued us instead."
He noted that the publicity generated by PlainsCapital's lawsuit has resulted in questions from employees, customers and suppliers about Hillary's ability to absorb the loss.
"After 25 years in business we have a lot of people calling our soundness into question. It's raised a huge trust issue for us, because PlainsCapital chose to make it public," Owen said.
He insisted that Hillary would not be "bullied" and was willing to take the fight all the way to Capitol Hill if needed.
A spokesman for PlainsCapital today contended that the theft had resulted from Hillary's failure to protect its login credentials. "This was never a cyber attack on the bank. We are confident that our systems meet all security requirements," he said.
The spokesman also noted that just because it wasn't publicly disputing Hillary's claims over the actual transactions, doesn't mean it agrees with the company's contentions.
Because of confidentiality requirements, PlainsCapital cannot discuss the details of the unauthorized wire-transfers he said. "That doesn't mean that we agree with what Hillary is telling the media about the transactions," the spokesman said.
The dispute is among several involving banks and small businesses whose accounts have been looted in similar fashion, where hackers used valid login credentials to siphon out substantial amounts of money from small business accounts.
Such disputes are raising fundamental questions about due diligence issues and on whether and how much business customers should be held responsible for protecting their online accounts from hackers.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld . Follow Jaikumar on Twitter at @jaivijayan , send e-mail to email@example.com or subscribe to Jaikumar's RSS feed .
Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.