Accounting office / ICT administrator
An accounting firm that did the administration for several hundred clients was hit by a ransomware attack. For two weeks it could not access its clients' data, the company was shut down and the employees were sent home. In the end, the director of the office paid three bitcoins to get back into business, but in the meantime the firm also suffered significant other damage, such as the cost of a forensic investigation and lost business.
The IT administrator was held liable by letter for the damage suffered by the accounting firm as a result of the ransomware attack. After the ICT manager rejected any liability and was also unwilling to enter into discussions, summons proceedings were started to obtain compensation for the damage.
The judge held the IT manager liable because he had not warned the accounting firm insistently about the risks of security that was too light. The judge ruled that, as a last resort, the IT administrator should have handed back the assignment. Because the accounting firm itself had insisted on easy passwords, the ICT administrator was ordered to pay two-thirds of the damage suffered. In addition to compensation for the bitcoins paid, the damage items included the costs of the forensic investigation and lost turnover.
See also ECLI:NL:RBAMS:2018:101:24 Link: Rechtspraak.nl – Search in judgments.