Our client had recently become aware of several payments for their services being passed to bank account details that were not theirs, apparently in response to emails from the client to their customers. The client was uncertain as to how this had taken place, but it was noted that they had recently migrated from an old cloud tenancy to a new one. The client needed to understand what had occurred, how to prevent the issue re-occurring, and most importantly, recover lost funds where possible.
The Mishcon legal team commenced activities to freeze funds immediately, contacting both the bank which had received payments and the ongoing banks identified through conversations with the initial payment receiver.
Our consultants commenced an immediate review of the logs and access control surrounding the environment, and identified the depreciated environment as a significant concern; a further review of its controls and logging concluded that its security was not appropriate, and the environment needed to be secured or shut down.
Ultimately, the client recovered a large percentage of the lost funds, and with MDR Cyber’s guidance was able to address the root cause of the incident, which was the depreciated but still retained environment.