My question involves criminal law for the state of: Florida
Please correct me if this is not the right thread.
Our retail establishment purchased POS hardware and software that was installed by a VAR (Value Added Reseller). We also have all of our support through this reseller. Normally, if we open a support case, it is by phone, they ask us if they can remotely connect to us so we can observe what they are doing. During a support case, (email, non emergency), I found out that over course of the few days the ticket was open, the reseller attempted to remotely connect to our infrastructure, without our authorization & at a time of their choosing, through a backdoor that they apparently install at all of their clients. They attempted to connect using a pre-defined password that they installed as an alternate method to connecting to us. Industry standard is that any remote connection to a POS infrastructure require a 2-factor authentication (random password each session, etc) in order to stay PCI compliant (TeamViewer provides both of these functions). Luckily, our IT practices stopped this in its place. When brought to the attention of the VAR, they merely shrugged it off.
Our systems are used for more than just the business, and intellectual property is kept on-site and if exposed would cause irreversible harm.
In my opinion this is criminal hacking, regardless of their peaceful or malicious intentions due to what could have been accidentally exposed by them and because they tried to connect without our knowledge. (They could have also connected in the past without our knowledge).
Do I have any legal recourse from a civil and/or criminal stance?