Accounting office / ICT administrator
An accounting firm that did the administration for several hundred clients was hit by a ransomware attack. Read more about the challenge, strategy and the result achieved in this case here.
Lawyer:
dr. A.W. Duthler LL.M
Category:
Liability for ransomware attack
Time:
From summons to court decision: 1 year
Result:
Allocation of compensation
The challenge
An accounting firm that did the administration for several hundred clients was hit by a ransomware attack. For two weeks it was not possible to access the data of its clients, the company was shut down and the employees were sent home. In the end, the director of the office paid three bitcoins to get back into business, but in the meantime also suffered significant other damage, such as conducting a forensic investigation and lost business.
Strategy
The IT administrator has been held liable by letter for the damage suffered by the accounting firm as a result of the ransomware attack. After the ICT manager rejected any liability and was also unwilling to enter into discussions, a summons procedure was started to obtain compensation for damage.
Result
The judge held the IT manager liable because he had not insistently warned the accounting firm about the risks of too light security. The judge ruled that the IT administrator should have returned the order as a last resort. Because the accounting firm itself had insisted on easy passwords, the ICT administrator was ordered to pay two-thirds of the damage suffered. In addition to the compensation for the paid bitcoins, the damage items included the costs of forensic investigation and lost turnover.
See also ECLI:NL:RBAMS:2018:101:24 Link: Rechtspraak.nl – Search in judgments.
Cases
Submit your case
Please feel free to contact one of our lawyersor call +31 (0) 70 306 00 33 or info@firstlawyers.nl.