Sometimes the Enemy is in the House: Don't Let an Outside Vendor Control Vital Systems

Confronted with an IT vendor refusing to return passwords and data, our oil and gas producer-client had two untenable choices - shut down all operations or continue a fragile balance of blind operations hoping that a catastrophic environmental disaster or serious injury to employees or residents might not result.

We succeeded in quickly shutting down the threat through swift maneuvering in a fast-paced litigation fight.

BACKGROUND ON THE BREACH

Our client, a company that provides oil and gas collection and installation services, hired a third-party vendor to handle specialized information technology needs and perform system-wide upgrades.  Once fully immersed in the company’s operations, the vendor, without authorization, entered the computer system and created passwords which prevented internal staff from accessing platforms needed to control the operations.  The vendor also disabled alarms on protected systems that served to regulate the pressure of oil and gas collection units.  Upon refusing to comply with repeated requests to disclose the passwords, the vendor informed company representatives that they would need to pay him in order to gain access to the systems.

LITIGATION AND THE RESULTS

We filed a motion in federal court seeking a preliminary injunction to compel the vendor to provide all passwords and files connected with the company and to prevent him from accessing, altering or deleting information from the company’s computers, servers, and other IT equipment.  The motion cited violations of various federal and California laws, including the Computer Fraud and Abuse Act, the California Computer Data Access and Fraud Act, and California Unfair Competition Law.  

The vendor-defendant argued that it would suffer irreparable harm if forced to reveal passwords to the code.  He contended the code was proprietary material protected by copyright laws.  The Federal Judge agreed with Nossaman and ruled on our client’s behalf, requiring the vendor to immediately comply with the preliminary injunction.  Following failed last-minute efforts by the vendor to delay or amend the court order, our client received the demanded passwords and other access control information for its computers and systems.

Twitter/X Facebook LinkedIn
Jump to Page

Nossaman LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek