Outcomes - Selected Case Summaries
Categories
Restructuring Administrator security incident results in a non-jurisdictional breach
Decisions | 08 December 2023
An overseas law firm notified us of a personal data breach on behalf of its client, a global restructuring administrator. The breach was due to a cyber threat that targeted a telecommunications company and subsequently affected the account of an employee in a sophisticated “SIM swapping” attack that affected almost 80,000 individuals. The incident compromised non-sensitive personal data including personal data of 69 residents in Cayman.
Upon review of the breach notification details we determined that, as the global restructuring administrator was not registered in Cayman and the data was not being processed here, we did not have any jurisdiction in this matter.