An interesting twist regarding GDPR

Last Update: February 21, 2019

Employee gets sued after she falls for £200K CEO Fraud Scam

I thought you would find this an interesting and educational story relating to cybersecurity. Apologies if this is of no interest to you.

This is quite a historical case because if the company wins, we could see a lot more court cases against employees for clicking on links they shouldn't which then harm their organisation.

What happened?

A woman is being sued for sending approx. 200K of her employer's money to an online fraudster. Patricia Reilly, from UK Peebles Media Group, fell for a CEO fraud scam where the criminals sent her emails pretending to be her boss (Mrs. Bremner) who was on vacation at the time.

The lawsuit alleges that Mrs Reilly ignored a warning from their bank about this type of fraud and made the payment of £193,250 to the fraudsters. The case is being heard at the highest civil court in Edinburgh.

The issue came to light a few days later when a colleague logged onto the firm's online bank account and noticed a fraud warning.

Company Lawyers accuse Mrs Reilly of being negligent

The bank refunded the firm £85,268.28 and Peebles is suing the former employee for the remaining sum of £107,984. Mrs Reilly was fired from the firm for her actions.

They have described her actions as "careless and in breach of the duties - including the duty to exercise reasonable care in the course of the performance of her duties as an employee which she owed to her employer."

Peebles has claimed that she should have realized the emails were suspicious.

The fraudsters appeared to have some knowledge of Peebles Media’s operations, sending Reilly emails impersonating Bremner during a week in which the managing director and Reilly’s line manager were on holidays. BEC scammers are known to intensively study targets, including compromising email accounts to monitor communications between employees, suppliers, and partners.

She did not receive any training on how to spot online fraud

Mrs Reilly's legal team said that she did not receive any training on how to spot online fraud and have called for the case to be dismissed.

This actually breaks GDPR law, where companies need to provide cyber awareness training for their staff. So Peebles could find themselves in more hot water from the ICO.

Recent messages
Barney44 Premium
Going to be interesting to hear the outcome of this case. Sounds like maybe both parties were at fault. Tough when we have to spend our precious time checking everything before we act.

What has happened to our world that fraud is so prevalent?
TheCatherine Premium
The world is working much more to taking personal responsibility, but you have to feel sorry for someone with no training who is just trying to do her job, albeit with catastrophic consequences.
MarionBlack Premium
It sounds like both the employer and employee were negligent. It will be interesting to hear the final outcome of the court case.
TheCatherine Premium
It is interesting, and yes, both parties are at fault.
BobRoman Premium
Great information - very useful!

Thanks so much for sharing!

Wish you smashing success!

TheCatherine Premium
Thank you, Bob.
wendyk Premium
Thanks for sharing. It is interesting!
CandP Premium
Very interesting! Thanks for sharing.
C & P