CTS cyber-attack: Disruption to home sales now over…

Services have been restored after a cyber-attack that played havoc with property completions, but those affected can complain.

CTS, which provides IT services to law firms, said systems were back just before Christmas following nearly a month of disruption.

The company thanked firms for their patience.

However, any homeowners whose finances were hit have the option of going to an ombudsman if they face losses.

About 80 firms were thought to have suffered issues ranging from email and digital paperwork access issues to an inability to complete a property deal, as a result of the cyber-attack on CTS.

The company said: “We can confirm that all CTS managed systems were restored by the 22 December.

“Our clients have been kept updated throughout and we would like to thank them for their patience as we worked, with a team of experts, to resolve this matter as safely and efficiently as possible.”

Generally, on property completion day, the buyer’s solicitor arranges for money to be transferred to the seller’s solicitor. A failure to complete is technically a breach of contract.

The problems meant some house moves were delayed, with the people involved describing a stressful situation and lack of communication.

The Legal Ombudsman said this was a challenging situation, but it had the powers to decide whether clients received the standard of service they should have been able to expect from their conveyancing firm, as well as an appropriate response to any complaint they had raised.

An individual’s complaint would be to their conveyancing firm, not directly to CTS.

“If someone believes they’ve suffered a financial loss following the attack, or have been affected in another, non-financial way, then in the first instance they should let the service provider know, raising a formal complaint if they’re unhappy with the service they’ve received,” an ombudsman spokesman said.

The law firm would have eight weeks to provide a response to any complaint. If the customer was not satisfied with that response, they could refer it to the ombudsman.

It would consider whether the firm took all reasonable steps to protect themselves and their client from the risk of a cyber-attack, and whether it took all reasonable steps to deal with the cybercrime when they became aware of it.

The ombudsman, if it decided the firm had provided poor service, has the power to direct them to refund or compensate their customer for any losses that arose as a result of their failings.

The Information Commissioner’s Office was told about the incident by CTS and the regulator has been “making enquiries”.