Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Cayman Islands: Ombudsman issues enforcement order against Jacques Scott Group following ransomware attack

The Office of the Ombudsman ('the Ombudsman') announced, on 22 March 2021, that it had issued an enforcement order against Jacques Scott Group Ltd. following a ransomware attack. In particular, the Ombudsman noted that the company had failed to take adequate technical and organisational measures to protect against unauthorised processing of employee, shareholder, and pension account member personal data, and had failed to incorporate certain mandatory provisions into its agreement with its IT provider. However, the Ombudsman noted that there appears to be no customer data which has been accessed and no serious or ongoing consequences for the compromised data.

In order to prevent future ransomware attacks, the Ombudsman recommended future steps including:

  • providing training to employees on cybersecurity prevention and response;
  • enabling logs on all critical network devices to ensure information is kept in the event of future cyber attacks;
  • ensuring multiple backups of information are maintained with at least one backup kept off-site; and
  • implementing periodic vulnerability assessments to identify IT security weaknesses.

You can read the press release here and the order here.