Have you ever wondered what happens when your confidential data is compromised by hackers? Well, a FinTech company in India had to face this nightmare when some of its ex-employees allegedly accessed and changed the accounts of its customers on a cloud platform. In this blog post, we will analyze how the FinTech Company Sues Ex-Employees for IP Theft and Hacking & filed a suit against the culprits and got interim relief from the court.
FinTech Company Sues Ex-Employees: The Facts of the Case
The company, Epikindifi Software and Solutions Pvt. Ltd., is a FinTech company that offers cloud-based software products and services to various entities such as banks and financial institutions. It has a strong presence in the FinTech sector and has assets under management worth USD 2 Billion and daily transactions of around 3 million.
The company uses Amazon Web Services (AWS) as a cloud service provider to store and operate the accounts of its clients, who deal with sensitive personal data. The login credentials for the primary AWS account are secured in a password-protected OneDrive Cloud account, which is accessible only to the company’s team.
However, on 8th September 2023, the company discovered that the email IDs for recovery of passwords associated with the AWS root accounts of five of its customers had been unauthorisedly changed to a gmail account. As a result, the company and the customers were unable to access and service the accounts.
The company conducted an internal investigation and found out that some of its ex-employees (Defendants Nos. 1-7) were involved in this illegal act. The company also suspected that there might be other unknown persons (Defendant No. 8) who were acting on behalf of the ex-employees.
For that the company filed a criminal complaint with the Cyber Cell in Chennai and Bangalore, and three of the ex-employees were arrested. The company also filed a civil suit against the ex-employees and AWS (Defendant No. 9) for intellectual property theft, breach of confidentiality, misappropriation of sensitive personal information, copyright infringement, etc.
The Contention of the Plaintiff
The company contended that the ex-employees had violated the confidentiality and non-disclosure agreements that they had signed with the company and had infringed the company’s exclusive rights over its software products and manuals. The company claimed that its software products, which are developed under the “.ezee Product Suite”, are its proprietary and confidential information and can be viewed on its website.
Also the company contended that the ex-employees had compromised the security and privacy of the company’s customers and their data, which could have serious consequences for the company’s business and reputation. The company sought an urgent ex parte ad-interim injunction against the ex-employees and an order to AWS to restore the access and control over the compromised accounts to the company.
The Cases Cited by the Plaintiff
The company relied on the following cases to support its case:
- Yamini Manohar v. TKD Keerthi, 2023 LiveLaw (SC) 906, to seek exemption from instituting pre-litigation mediation under Section 12A of the Commercial Courts Act, 2015. The company argued that pre-litigation mediation was not mandatory when the suit contemplated urgent interim relief.
- Patil Automation Private Limited and Ors. v. Rakheja Engineers Private Limited, to argue that the ex-employees had breached the confidentiality and non-disclosure agreements and had misused the company’s trade secrets and confidential information.
The Decision of the Court
The court granted the exemption from instituting pre-litigation mediation to the company and issued summons to the ex-employees and AWS. Also the court directed AWS to allow the company to regain access and control over the compromised accounts within two working days and restrained the ex-employees from downloading, uploading, copying, replicating or dealing with any sensitive personal information of the company’s customers, confidential information of the company or information relating to its customers. The court also ordered the compliance of Order XXXIX Rule 3 CPC within three working days.
In conclusion, the case shows how a FinTech company had to deal with a serious threat to its intellectual property and customer data due to the alleged hacking by its ex-employees. The company took prompt legal action and got an interim relief from the court. The case also highlights the importance of confidentiality and non-disclosure agreements, data security and privacy, and pre-litigation mediation in the FinTech sector. If you enjoyed this article and want to stay updated with more engaging content, be sure to follow our Unimarkslegal for the latest updates, insights, and exciting news