(844) 627-8267 | Info@NationalCyberSecurity
(844) 627-8267 | Info@NationalCyberSecurity

Hackers snatched yacht charterer’s $500K refund – Rhode Island Lawyers Weekly | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Listen to this article

A Newport ship brokerage is being sued in federal court by a Brazilian businessman who claims he’s out more than $500,000 because the defendant failed to have in place security measures that would have prevented a refund the plaintiff was due for a canceled yacht charter from being deposited into an overseas bank account controlled by hackers.

“Due to Defendant’s negligence and/or insufficient security protocols, Defendant’s email servers were hacked by an unidentified third party, which created and sent false instructions to Defendant to send the Refund Amount to a bank account located in Croatia,” states the complaint filed Nov. 13 in De Almeida Braga v. Northrop & Johnson Yacht Charters, Inc.

According to the complaint, in 2019 plaintiff Luis Antonio de Almeida Braga contracted with defendant Northrop & Johnson Yacht Charters to act as a broker to locate a desirable yacht for charter. On March 28, 2019, plaintiff with the assistance of the defendant entered into a charter agreement with the owner of the yacht Marina Wonder. Pursuant to the terms of the contract, the plaintiff prepaid the charter fees by transferring funds from his JP Morgan account in New York to the defendant, which in turn forwarded the fees to the yacht owner’s broker/agent.

The parties later canceled the charter agreement when the owner was unable to provide the yacht as needed. With the cancellation of the contract, the yacht owner agreed to pay the plaintiff 501,683.64 EUR (approximately $547,000) as a refund of his prepaid fees and for liquidated damages.

The plaintiff alleges that the yacht owner transferred the amount owed to Northrop & Johnson.

However, instead of the yacht broker transferring the funds to the plaintiff, the complaint alleges that the defendant’s email servers were hacked, enabling unknown third parties to provide false instructions for payment of the money owed to the plaintiff. The defendant allegedly followed those instructions.
On Oct. 24, 2022, the defendant informed the plaintiff that it had transferred the refund amount to the alleged hackers’ Croatian bank account.

“Plaintiff had no knowledge of, or connection to, the third party, no knowledge that Defendant’s email servers had been hacked, and no knowledge of the false emails that were created by the third party and sent to Defendant,” the complaint states.

In addition to stating a claim for breach of contract, the plaintiff asserts a claim for negligence.

“Defendant owed a duty to Plaintiff to exercise reasonable care to maintain adequate security measures to protect third parties from hacking into its email servers and implementing proper protocols prior to effectuating transfers of money owed to Plaintiff to ensure that money owed to Plaintiff would actually be delivered to Plaintiff,” states the complaint.

The plaintiff is represented by Michael J. Daly of Pierce Atwood in Providence. Defense counsel had not entered an appearance as of press time. The case has been assigned to U.S. District Court Judge Mary S. McElroy and is before Magistrate Judge Lincoln D. Almond on referral.


Click Here For The Original Story From This Source.

National Cyber Security