Articles

Customer responsible for costs deriving from hacked voice services

Customer responsible for costs deriving from hacked voice services

Customer responsible for costs deriving from hacked voice services

17.12.2014

NEC Nederland BV (NEC), the Dutch branch of NEC Corporation which is a worldwide provider of IT and communication solutions, uses voice services provided by KPN BV (KPN), a Dutch telecom provider. In order to use these voice services, NEC built their own PBX (Private Branch Exchange – which is a system that concentrates central office lines and enables intercommunication between a large number of telephone stations within NEC) connected through a router to the WAN (Wide Area Network).

Unauthorized parties have managed to get access to the data lines via a badly secured NEC PBX device and have set up a dial up service through which telephone traffic with East Timor has taken place. KPN has invoiced NEC for the costs involved, in the sum of EUR 176,895,00. KPN claims payment of the invoice stating that it was NEC’s obligation to monitor the traffic. NEC however states that KPN has a duty of care (statutory and reinforced by case law) which entails that telecom providers are obliged to monitor telephone traffic and take measures when deviating telephone traffic is noticed. Furthermore, NEC claims that KPN should have warned NEC about the risks of using voice services. Because KPN neither monitored the telephone traffic nor warned NEC of the risk (the hack was discovered during a test), NEC claims that it is not liable for the costs of the fraudulent use of the voice services.

The Court rejects NEC’s claim that KPN owes it a duty of care. NEC built their own PBX system, which makes them responsible for the hardware and, being a professional in the communications sector, they are supposed to be aware of the risks of using voice services. A previous hack of their PBX system resulted in damage amounting to EUR 40,000 and confirms that NEC were aware of the risks involved. Following this incident, NEC asked KPN if it was possible to cap the use of their lines as a safeguard. KPN explained that this was not possible and instead offered a tool to enable NEC to monitor traffic on a daily basis. NEC decided not to make use of this option.

NEC also tried to rely on jurisprudence relating to telephone traffic, by claiming that such traffic should be adequately monitored on a regular basis. This plea was also rejected because – contrary to other phone traffic - different providers are used to provide voice services and KPN cannot monitor the traffic on the data lines of other providers.

Therefore, the Court concluded that NEC cannot claim a duty of care from KPN and that NEC should pay KPN’s invoice.

[Source: District Mid-Netherlands, 2 July 2014, ECLI:NL:RBMNE:2014:2617]

 

Click here to see a printable version of this article

All rights reserved. Care has been taken to ensure that the content of this e-bulletin is as accurate as possible. However the accuracy and completeness of the information in this e-bulletin, largely based upon third party sources, cannot be guaranteed. The materials contained in this e-bulletin have been prepared and provided by Stibbe for information purposes only. They do not constitute legal or other professional advice and readers should not act upon the information contained in this e-bulletin without consulting legal counsel. Consultation of this e-bulletin will not create an attorney-client relationship between Stibbe and the reader. The e-bulletin may be used only for personal use and all other uses are prohibited.

Team

Related news

27.03.2019 NL law
Ook WhatsApp- en sms-berichten op privételefoons vallen onder Wet openbaarheid van bestuur

Short Reads - De Afdeling bestuursrechtspraak van de Raad van State heeft in een uitspraak van 20 maart 2019 (ECLI:NL:RVS:2019:899) bevestigd dat ook WhatsApp- en sms-berichten onder de reikwijdte van de Wet openbaarheid van bestuur (Wob) vallen. Dat geldt niet alleen voor WhatsApp- en sms-berichten die staan op werktelefoons, maar ook voor berichten die staan op privételefoons van bestuurders of ambtenaren. Daarmee gaat de Afdeling terecht verder dan de rechtbank (ECLI:NL:RBMNE:2017:5979) in eerste aanleg, die van oordeel was dat de Wob niet van toepassing is op berichten op privételefoons.

Read more

21.03.2019 NL law
15 aspects of Brexit you did not know

Short Reads - A Brexit without a deal, or with a deal that does not cover all relevant aspects, is still a potential scenario. We have highlighted a number of unexpected legal consequences of Brexit in such a no deal or incomplete deal scenario.

Read more

Our website uses functional cookies for the functioning of the website and analytic cookies that enable us to generate aggregated visitor data. We also use other cookies, such as third party tracking cookies - please indicate whether you agree to the use of these other cookies:

Privacy – en cookieverklaring