Imagine you are a FinTech company that offers cloud-based software products and services to various clients, including banks and financial institutions. You have invested a lot of time, money and effort in developing your proprietary software and securing your client data. But one day, you discover that some of your ex-employees have hacked into your accounts on a cloud platform and changed the recovery email IDs, preventing you and your clients from accessing them. What would you do? This is exactly what happened to Epikindifi Software and Solutions Pvt. Ltd., a FinTech company based in India, that filed a suit against its ex-employees and Amazon Web Services (AWS) for intellectual property theft and hacking. In this blog post, we will analyze how the FinTech Company Fought Back Against IP Theft and Hacking by Ex-Employees sought legal action and got an interim relief from the Delhi High Court.
FinTech Fought Against IP Theft & Hacking: The Facts of the Case
Epikindifi Software and Solutions Pvt. Ltd. is a FinTech company that offers end-to-end cloud-based FinTech software products and automation solutions to various entities such as banks, financial institutions. It was established in 2018, and has offices in Chennai, Bangalore and Sydney, Australia and Melbourne, Australia through a group company. The company claims to have a strong presence as a product development company in the FinTech sector, with assets under management worth USD 2 Billion and daily transactions of around 3 million. he current turnover of the company in the financial year 2022-23 is stated to be over Rs. 13 crores. The company claims to have spent Rs. 1.6 crores on advertising, sales, marketing, and promotional activities since its inception until the time of filing the current suit.
The company uses AWS as a cloud service provider to store and operate the accounts of its clients, who deal with sensitive personal data. The login credentials for the primary AWS account are secured in a password-protected OneDrive Cloud account, which is accessible only to the company’s team. However, on 8th September 2023, the company discovered that the email IDs for recovery of passwords associated with the AWS root accounts of five of its customers had been unauthorisedly changed to a Gmail account. As a result, the company and the customers were unable to access and service the accounts.
The company conducted an internal investigation and found out that some of its ex-employees (Defendants Nos. 1-7) were involved in this illegal act. Company also suspected that there might be other unknown persons (Defendant No. 8) who were acting on behalf of the ex-employees. The company filed a criminal complaint with the Cyber Cell in Chennai and Bangalore, and three of the ex-employees were arrested. The company also filed a civil suit against the ex-employees and AWS (Defendant No. 9) for intellectual property theft, breach of confidentiality, misappropriation of sensitive personal information, copyright infringement, etc.
The Contention of the Plaintiff
The company contended that the ex-employees had violated the confidentiality and non-disclosure agreements that they had signed with the company and had infringed the company’s exclusive rights over its software products and manuals. So the company claimed that its software products, which are developed under the “.ezee Product Suite”, are proprietary and confidential information and can be viewed on its website,
The company also contended that the ex-employees had compromised the security and privacy of the company’s customers and their data, which could have serious consequences for the company’s business and reputation. The company sought an urgent ex parte ad-interim injunction against the ex-employees and an order to AWS to restore the access and control over the compromised accounts to the company.
The Cases Cited by the Plaintiff
The company relied on the following cases to support its case:
- Yamini Manohar v. TKD Keerthi, 2023 LiveLaw (SC) 906, to seek exemption from instituting pre-litigation mediation under Section 12A of the Commercial Courts Act, 2015. The company argued that pre-litigation mediation was not mandatory when the suit contemplated urgent interim relief.
- Patil Automation Private Limited and Ors. v. Rakheja Engineers Private Limited, to argue that the ex-employees had breached the confidentiality and non-disclosure agreements and had misused the company’s trade secrets and confidential information.
The Decision of the Court
The court granted the exemption from instituting pre-litigation mediation to the company and issued summons to the ex-employees and AWS. Also the court directed AWS to allow the company to regain access and control over the compromised accounts within two working days and restrained the ex-employees from downloading, uploading, copying, replicating or dealing with any sensitive personal information of the company’s customers, confidential information of the company or information relating to its customers. The court also ordered the compliance of Order XXXIX Rule 3 CPC within three working days.
Conclusion
In conclusion, the case shows how FinTech Fought Back Against IP Theft & Hacking had to deal with a serious threat to its intellectual property and customer data due to the alleged hacking by its ex-employees. The company took prompt legal action and got an interim relief from the court. The case also highlights the importance of confidentiality and non-disclosure agreements, data security and privacy, and pre-litigation mediation in the FinTech sector. If you enjoyed this article and want to stay updated with more engaging content, be sure to follow our Aranlaw for the latest updates, insights, and exciting news.