An interesting twist regarding GDPR

Last Update: February 21, 2019

Employee gets sued after she falls for £200K CEO Fraud Scam

I thought you would find this an interesting and educational story relating to cybersecurity. Apologies if this is of no interest to you.

This is quite a historical case because, if the company wins, we could see a lot more court cases against employees for clicking on links they shouldn't and so harming their organisation.

What happened?

A woman is being sued for sending approximately £200K of her employer's money to an online fraudster. Patricia Reilly, from UK Peebles Media Group, fell for a CEO fraud scam in which the criminals sent her emails pretending to be her boss (Mrs. Bremner), who was on vacation at the time.

The lawsuit alleges that Mrs Reilly ignored a warning from their bank about this type of fraud and made the payment of £193,250 to the fraudsters. The case is being heard at the highest civil court in Edinburgh.

The issue came to light a few days later when a colleague logged onto the firm's online bank account and noticed a fraud warning.

Company Lawyers accuse Mrs Reilly of being negligent

The bank refunded the firm £85,268.28 and Peebles is suing the former employee for the remaining sum of £107,984. Mrs Reilly was fired from the firm for her actions.

They have described her actions as "careless and in breach of the duties - including the duty to exercise reasonable care in the course of the performance of her duties as an employee which she owed to her employer."

Peebles has claimed that she should have realized the emails were suspicious.

The fraudsters appeared to have some knowledge of Peebles Media’s operations, sending Reilly emails impersonating Bremner during a week in which the managing director and Reilly’s line manager were on holidays. BEC scammers are known to intensively study targets, including compromising email accounts to monitor communications between employees, suppliers, and partners.

She did not receive any training on how to spot online fraud

Mrs Reilly's legal team said that she did not receive any training on how to spot online fraud and have called for the case to be dismissed.

This actually breaks GDPR law, where companies need to provide cyber awareness training for their staff. So Peebles could find themselves in more hot water from the ICO.

Join the Discussion
Recent messages
DarleneB Premium
Very interesting. I'm curious to see the outcome.
Reply
TheCatherine Premium
I will try and keep you posted
Reply
kvimont Premium
That was my first thought, did she receive any training on what to look out for. This is one of the biggest mistakes that most people fall for, not knowing what scammers are capable of doing, and no fault of theirs.
Unless a person has had some sort of training it is very easy to fall victim to a scam like this. If she is innocent I hope they get the case dismissed.
Kim
Reply
TheCatherine Premium
It will be interesting to see what happens.
Reply
DebbieRose Premium
That's quite a story...awaiting the outcome!
Reply
TheCatherine Premium
I will keep my eye out for the outcome and will post it
Reply
lynnsam61 Premium
This is very interesting. It sounds like employee and employer could have acted negligently. It may come down to who has the better legal team.

Erica
Reply
TheCatherine Premium
Sadly Erica, you may well be right!
Reply
JamesJB Premium
A very interesting story, apart from it being quite an eye-opener.

Thank you for taking the time to share it here...
Reply
TheCatherine Premium
You are welcome James, I'm glad you found it interesting.
Reply
Barney44 Premium
Going to be interesting to hear the outcome of this case. Sounds like maybe both parties were at fault. Tough when we have to spend our precious time checking everything before we act.

What has happened to our world that fraud is so prevalent?
Reply
TheCatherine Premium
The world is working much more to taking personal responsibility, but you have to feel sorry for someone with no training who is just trying to do her job, albeit with catastrophic consequences.
Reply
MarionBlack Premium
It sounds like both the employer and employee were negligent. It will be interesting to hear the final outcome of the court case.
Reply
TheCatherine Premium
It is interesting and yes, both parties are at fault.
Reply
BobRoman Premium
Great information - very useful!

Thanks so much for sharing!

Wish you smashing success!

Bob
Reply
TheCatherine Premium
Thank you Bob.
Reply
wendyk Premium
Thanks for sharing. It is interesting!
Reply
CandP Premium
Very interesting! Thanks for sharing.
C & P
Reply