We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
PLEASE READ BEFORE POSTING: Hello Forumites! In order to help keep the Forum a useful, safe and friendly place for our users, discussions around non-MoneySaving matters are not permitted per the Forum rules. While we understand that mentioning house prices may sometimes be relevant to a user's specific MoneySaving situation, we ask that you please avoid veering into broad, general debates about the market, the economy and politics, as these can unfortunately lead to abusive or hateful behaviour. Threads that are found to have derailed into wider discussions may be removed. Users who repeatedly disregard this may have their Forum account banned. Please also avoid posting personally identifiable information, including links to your own online property listing which may reveal your address. Thank you for your understanding.
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Premier Property Lawyers
Options
Comments
-
That's pretty unlikely - money is in the solicitors' bank account, and subject to the bank's usual security precautions if anybody wants to access that.Vampgirl said:user1977 said:
Yes, I don't know why they haven't rolled back to their nightly backup...unless they were daft enough to allow that to be accessible to the hackers too.
For example my parents' are understandably incredibly worried that the money for their house sale might disappear before it can be transferred for their onward purchase.Sunsaru said:It is not as simple as rolling back. For one that backup might already be compromised. They have to go through everything with a fine tooth comb. Even the most watertight of systems is not perfect.
A more likely concern is identity fraud, assuming the data stolen includes things like copies of clients' passports, bank statements etc.0 -
I would say almost all solicitors clients details will be on an IT system, not many black books these days. I don't see any clients having to compensate anyone due to a hack in solicitors systems. There may be a case for expenses compensation if a client had to complete on their sale but not their purchase.Vampgirl said:user1977 said:
Yes, I don't know why they haven't rolled back to their nightly backup...unless they were daft enough to allow that to be accessible to the hackers too.
Whatever the actions needed to resolve the problems on the IT side, I think the lack of communication to their clients has been what has caused people the most stress: it appears that without access to their system they don't even have their customers' phone numbers in order to proactively contact them to let them know what's going on. When you combine that with the fact that they were also unreachable when their clients tried calling in, its not surprising that rumours start flying around (hackers, bankruptcy etc..) and people expect the worst. For example my parents' are understandably incredibly worried that the money for their house sale might disappear before it can be transferred for their onward purchase. And whilst they know that it would all be sorted out eventually, that doesn't provide them with somewhere to live in the meantime.Sunsaru said:It is not as simple as rolling back. For one that backup might already be compromised. They have to go through everything with a fine tooth comb. Even the most watertight of systems is not perfect.
Integrated client management systems are very good when up and running, but there still need to be some way of managing things when the system is inaccessible (for whatever reason).....you can't just go radio-silence and leave your clients in the dark....moving home is stressful enough without having to sofa-surf or find a hotel for an unknown period of time.
Plus there's the possibility of the other parties in the chain seeking to recover their losses following the failure to complete on schedule. I really hope PPL do the right thing and cover these losses and don't make their clients fight for this.
Horrible situation for all.0 -
Plus there's the possibility of the other parties in the chain seeking to recover their losses following the failure to complete on schedule. I really hope PPL do the right thing and cover these losses and don't make their clients fight for this.
It's likely to be the law firm's insurers who have to pay out for the losses.
They might be a bit harder to deal with, as they won't be worried about 'reputational damage' - i.e, they won't care if PPL gets a bad reputation because PPL clients are treated badly following this incident. (I guess some people might question how good their reputation was to start with!!!)
FWIW, I dealt with a much smaller law firm which was the victim of a cyber attack. Their insurers covered all their clients' losses. But as a result of the claims, their insurance premium for the following year went through the roof. So the law firm had to close down, because it was uneconomic to continue with such a high premium.
0 -
In relation to how long it can take to recover from these things, the Scottish Environment Protection Agency had an attack last Christmas, and is still sorting it out:
https://regulatoryapproach.sepa.org.uk/cyber-attack-service-status/
0 -
user1977 said:That's pretty unlikely - money is in the solicitors' bank account, and subject to the bank's usual security precautions if anybody wants to access that.
I agree with you its unlikely, but as a couple of pensioners who are stuck in limbo with their house sale proceeds inaccessible, all their possessions now in storage, with no home, and only the clothes they were wearing on Monday morning.... Its not surprising they are fearing the worst.
1 -
You would have thought that basic business continuity planning would mean having a local copy of clients' contact details though. The solicitors know which clients are due to exchange/complete on roughly which days, a backup from even a week ago would be sufficient to obtain contact details from prior to the security incident. Its also pretty easy to redirect incoming phone numbers, to mobiles if necessary, to maintain communication.TheJP said:I would say almost all solicitors clients details will be on an IT system, not many black books these days. I don't see any clients having to compensate anyone due to a hack in solicitors systems. There may be a case for expenses compensation if a client had to complete on their sale but not their purchase.
Horrible situation for all.
In terms of compensation, I don't think I mentioned that, simply that I hope PPL do the right thing and meet the extra expenses their clients have incurred, and any that they are liable for from the rest of the chain. My parents are in exactly the situation you describe: currently homeless because they have completed on their sale: PPL managed to confirm that the money was received, albeit that confirmation took 24 hours so the buyers probably incurred extra removals/storage costs (as have my parents). But PPL say they are unable to transfer the money on to the next stage of the chain and therefore their onward purchase has not completed (and neither has the rest of rest of the upwards chain).
1 -
PPL (and others) use an outsourced service, there will be no 'local' copy. Everything is in the cloud. Now PPL (and others) will have SLA's (service level agreements) with the provider such as 99.9% uptime etc. It all depends on the contract they have. They may be able to make claims based on that. You would have to claim through them.Vampgirl said:
You would have thought that basic business continuity planning would mean having a local copy of clients' contact details though. The solicitors know which clients are due to exchange/complete on roughly which days, a backup from even a week ago would be sufficient to obtain contact details from prior to the security incident. Its also pretty easy to redirect incoming phone numbers, to mobiles if necessary, to maintain communication.TheJP said:I would say almost all solicitors clients details will be on an IT system, not many black books these days. I don't see any clients having to compensate anyone due to a hack in solicitors systems. There may be a case for expenses compensation if a client had to complete on their sale but not their purchase.
Horrible situation for all.
In terms of compensation, I don't think I mentioned that, simply that I hope PPL do the right thing and meet the extra expenses their clients have incurred, and any that they are liable for from the rest of the chain. My parents are in exactly the situation you describe: currently homeless because they have completed on their sale: PPL managed to confirm that the money was received, albeit that confirmation took 24 hours so the buyers probably incurred extra removals/storage costs (as have my parents). But PPL say they are unable to transfer the money on to the next stage of the chain and therefore their onward purchase has not completed (and neither has the rest of rest of the upwards chain).
Maintaining communication will be hard if you can't get into the system in the first place. Yes PPL can redirect numbers but some poor people are going to have to sit there telling customers the same thing over and over again. "Hello? Yeah sorry, can't validate who you are as we can't get into your records". Rinse and repeat.
As an IT person, this is the stuff nightmares are made of but this is the way of the world now. The only hope is to somehow get systems back up ASAP.
Yes it sucks....Nothing is foolproof to a talented fool.0 -
Keeping local copies of your clients essential info is just one possibility, but there are plenty of business continuity/disaster recovery mechanisms for cloud-based systems.....no reasonably-sized company should ever allow themselves to be in the position where "the only hope is to somehow get systems back up ASAP"! Especially one which has the potential to disrupt so many people's basic human needs.Sunsaru said:PPL (and others) use an outsourced service, there will be no 'local' copy. Everything is in the cloud. Now PPL (and others) will have SLA's (service level agreements) with the provider such as 99.9% uptime etc. It all depends on the contract they have. They may be able to make claims based on that. You would have to claim through them.
Maintaining communication will be hard if you can't get into the system in the first place. Yes PPL can redirect numbers but some poor people are going to have to sit there telling customers the same thing over and over again. "Hello? Yeah sorry, can't validate who you are as we can't get into your records". Rinse and repeat.
As an IT person, this is the stuff nightmares are made of but this is the way of the world now. The only hope is to somehow get systems back up ASAP.
Yes it sucks....
For the phones, yes it would have been difficult, but again, that's why you have a business continuity plan. Security breaches and systems outages aren't exactly an unknown risk these days.
In terms of claiming expenses, I'm no lawyer but as I understand it my parents have a contract with PPL, they have no contractual relationship with PPL's CSP so would be unable to claim directly from them. They can only claim from PPL, it is up to PPL to in turn claim whatever they are able to from their CSP in terms of penalties due under their SLAs. Or from their insurers.
0 -
I may have written that wrong. When I said "you have to claim from them" I did actually mean PPL so sorry for any confusion.Vampgirl said:
Keeping local copies of your clients essential info is just one possibility, but there are plenty of business continuity/disaster recovery mechanisms for cloud-based systems.....no reasonably-sized company should ever allow themselves to be in the position where "the only hope is to somehow get systems back up ASAP"! Especially one which has the potential to disrupt so many people's basic human needs.Sunsaru said:PPL (and others) use an outsourced service, there will be no 'local' copy. Everything is in the cloud. Now PPL (and others) will have SLA's (service level agreements) with the provider such as 99.9% uptime etc. It all depends on the contract they have. They may be able to make claims based on that. You would have to claim through them.
Maintaining communication will be hard if you can't get into the system in the first place. Yes PPL can redirect numbers but some poor people are going to have to sit there telling customers the same thing over and over again. "Hello? Yeah sorry, can't validate who you are as we can't get into your records". Rinse and repeat.
As an IT person, this is the stuff nightmares are made of but this is the way of the world now. The only hope is to somehow get systems back up ASAP.
Yes it sucks....
For the phones, yes it would have been difficult, but again, that's why you have a business continuity plan. Security breaches and systems outages aren't exactly an unknown risk these days.
In terms of claiming expenses, I'm no lawyer but as I understand it my parents have a contract with PPL, they have no contractual relationship with PPL's CSP so would be unable to claim directly from them. They can only claim from PPL, it is up to PPL to in turn claim whatever they are able to from their CSP in terms of penalties due under their SLAs. Or from their insurers.
I'm in no way defending PPL. Yes they should have a business continuity plan but if they don't they will, if they are still trading after this. PPL like many other businesses put all their egg's in the cloud basket, they outsource their IT coz £££ talk and they almost get a 'won't happen to me' kinda attitude by putting the onus on a CSP or whatever, then things like this happen.
I'm just seeing it from an IT side being an IT person and boy they are in the do-do right now. You're right, no company this size should end up in this situation, but here we are.... They won't be the last either...Nothing is foolproof to a talented fool.2 -
Yes i agree especially if you heavily rely on technology as your business.Vampgirl said:
You would have thought that basic business continuity planning would mean having a local copy of clients' contact details though. The solicitors know which clients are due to exchange/complete on roughly which days, a backup from even a week ago would be sufficient to obtain contact details from prior to the security incident. Its also pretty easy to redirect incoming phone numbers, to mobiles if necessary, to maintain communication.TheJP said:I would say almost all solicitors clients details will be on an IT system, not many black books these days. I don't see any clients having to compensate anyone due to a hack in solicitors systems. There may be a case for expenses compensation if a client had to complete on their sale but not their purchase.
Horrible situation for all.
In terms of compensation, I don't think I mentioned that, simply that I hope PPL do the right thing and meet the extra expenses their clients have incurred, and any that they are liable for from the rest of the chain. My parents are in exactly the situation you describe: currently homeless because they have completed on their sale: PPL managed to confirm that the money was received, albeit that confirmation took 24 hours so the buyers probably incurred extra removals/storage costs (as have my parents). But PPL say they are unable to transfer the money on to the next stage of the chain and therefore their onward purchase has not completed (and neither has the rest of rest of the upwards chain).
Regarding my comment on compensation, i meant that your parents should be paid any expense they have incurred as a result of this delay. I really hope they get sorted soon and can put this situation behind them. Keep us updated on how things go.1
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards