In October 2015, the North Carolina Bar Association concluded that lawyers who have taken reasonable security measures to safeguard their computer network aren’t ethically obligated to replace client funds if hackers steal client money. A summary of the opinion appears in Bloomberg. A subsequent story in the ABA Journal described it this way:
- Lawyers who don’t take reasonable precautions may have an ethical responsibility to replace stolen client funds if the failure is the proximate cause of trust account theft, the opinion says.
- Lawyers may also have a responsibility to replace stolen client funds in a different scenario involving a hacked email and a lack of reasonable care. In that hypothetical, a hacker gains information about a real estate transaction by hacking the email of the lawyer or other parties such as the realtor or the seller. The hacker then creates a “spoof” email address that is similar to that of the realtor or seller. The spoof email instructs the lawyer to wire funds to an identified account, despite previous instructions to mail the check. The lawyer wires the money without first contacting the seller by telephone. The lawyer has an ethical responsibility to replace the funds, the opinion says, because the lawyer failed to take reasonable security measures such as contacting the seller or confirming the seller’s email address. The lawyer could be reimbursed if the bank is found to be legally responsible or insurance covers the stolen funds.
- Under all circumstances involving third-party theft of client funds, the lawyer owes duties to clients whose money was stolen, including notifying the clients of the theft and helping them identify ways to cover the losses, the opinion says.
While you may not be ethically bound to replace client funds, you may be liable for losses suffered by your clients. Furthermore, any time there is a theft of client property, you are obligated to inform the client and may be additionally responsible for helping to mitigate the damages [such as covering the cost of credit monitoring if identity theft is involved].
All the above serves as a good reminder to remain vigilant. For posts on scams, fraud, embezzlement, theft, and related issues, search my blog.
Beverly Michaelis – all rights reserved – 2016.
Pingback: The Best Legal Blog Posts of 2016 | Oregon Law Practice Management