Recent cyberattack case highlights need for setting up power of attorney
As every day passes, events on the internet prove that cybersecurity will one day surpass physical security in importance, if it hasn’t already. Still, cyberattacks continue to increase significantly and cause increasingly more devastating damages. So, what can you do legally once you have been attacked?
Months ago, a U.S.-based corporate server of one of our clients was hacked by professional hackers and a considerable amount of money transferred to an unknown account in Istanbul. These kinds of breaches and illegal money transfers are frequent and apart from legal actions, which come later, it is crucial to react rapidly once you become aware of a cyberattack.
Losing even hours, let alone days, may lead to catastrophic results since it is almost impossible to track or locate money once it is out circulating between unidentified persons and accounts. The rapid involvement of legal counsel is essential but is often not possible due to the lack of a power of attorney, including requisite authorizations related to bank transactions. Banks are under strict regulations and hence, without pre-approved authorizations like power of attorney, it may not be possible to intervene, even if the account receiving the money is known to the company that has been attacked.
In the case of an international money transfer from a foreign client, as was the case with our client, issuing a power of attorney takes even more time, and by the time it is issued, cyber-criminals have usually drawn the money in cash and
it becomes almost impossible to track them or the money because of a lack of a transaction trail.
If power of attorney has been provided, however, legal counsels are in a better position to intervene at an early stage of an attack and prevent money from being released temporarily until an injunction decision is rendered by a court freezing the relevant receiving bank account.
In our case, we succeeded in preventing the release of the money
to suspects who tried to draw it from the related branch of the bank and immediately obtained an injunction order forcing the bank to freeze the related bank account due to a suspicious transfer. Simultaneously, we filed a criminal complaint and both civil and criminal lawsuits which were finalized within months, ending with imprisonment of the perpetrators and the return of the money in its entirety to the client.
As this recent example illustrates,
immediate legal action in a short span of time was critical to preventing damages even after hackers had successfully penetrated our client’s security measures. Therefore, it is essential to empower trusted legal counsels beforehand in order to enable them to take necessary legal actions on behalf of companies targeted by cyber criminals.