Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Cayman Islands: Ombudsman issues enforcement order against Jacques Scott Group following ransomware attack
The Office of the Ombudsman ('the Ombudsman') announced, on 22 March 2021, that it had issued an enforcement order against Jacques Scott Group Ltd. following a ransomware attack. In particular, the Ombudsman noted that the company had failed to take adequate technical and organisational measures to protect against unauthorised processing of employee, shareholder, and pension account member personal data, and had failed to incorporate certain mandatory provisions into its agreement with its IT provider. However, the Ombudsman noted that there appears to be no customer data which has been accessed and no serious or ongoing consequences for the compromised data.
In order to prevent future ransomware attacks, the Ombudsman recommended future steps including:
- providing training to employees on cybersecurity prevention and response;
- enabling logs on all critical network devices to ensure information is kept in the event of future cyber attacks;
- ensuring multiple backups of information are maintained with at least one backup kept off-site; and
- implementing periodic vulnerability assessments to identify IT security weaknesses.