Surfing porn and neglecting work bring big bill for IT firm

An appeal court has doubled the sum that the Enerit IT services company has been ordered to pay to a client for contract violations to 160,000 euros. The case went to court after it was discovered that serious web security issues had been ignored, and that an Enerit employee had downloaded private files, including tens of thousands of pieces of porn, onto the client's servers.


The client, the Korpelan Voima power utility, won the original case against Enerit. At that time, a lower court ruled that the IT company had shown extreme neglect in fulfilling its contract.

Enerit was contracted to provide IT services for Korpelan Voima and its power distribution subsidiary Korpelan Verkko in 2006.

Four years ago, the consortium of local municipalities that own the utility company brought in a private expert to evaluate its IT security. The expert found that Enerit had ignored 23 separate orders or bans established by the municipalities' computer security policy.

Spam, porn and slack security

Firewall security settings were so inadequate that they allowed outside access to the company's intranet, including customer data and Korpelan Voima's main server, which ran critical company operations.

It was found that the installed spam filter passed along unscanned emails from a Finnish dating service and a German website offering adult entertainment videos. In addition, an IT company employee had downloaded 20,000 pornographic pictures, 250 movies and over 1000 pieces of music, and had installed BitTorrent file-sharing software.

According to the case filed by Korpelan Voima, the employee used only a third of the hours invoiced for work.

The expert's evaluation was that slack security arrangements led to a potential threat that could have targeted the company's entire electricity supply distribution and control. IT security arrangements were deemed to be both outdated and systematically neglected. The appeals court agreed with the evaluation in its ruling.

Double damages

Under the earlier district court ruling, Enerit was ordered to pay Korpelan Voima and its distribution subsidiary 80,000 euros in damages for endangering its IT security. The appeal court has now raised that to 160,000.

Enerit itself is jointly owned by three power utilities, Korpelan Voima, Kokkolan Energia and Vaasan Sähkö.

