4-Step Computer Security Upgrade
Learn to encrypt your files, secure your computer when using public Wi-Fi, enable two-factor authentication, and use good passwords.
A few years ago, there was an ABA ethics opinion that told lawyers that if they thought their email had been hacked, they needed to warn their client about the risks of sending or receiving email. That seemed like a bit of a theoretical worry, but it turns out that that even something like a run-of-the-mill employment discrimination case can lead to an actual court case and an actual loss of money, rather than chin-stroking ethics hypotheticals.
The Legal Profession Blog highlighted a recent decision from the United States District Court for the Eastern District of Virginia enforcing a settlement order in a case where a hacker absconded with the funds that the plaintiff received as a settlement. The takeaway: If your email has been hacked and you’re expecting a settlement check, make sure you tell opposing counsel to check directly with you about any emails from you.
A Virginia lawyer didn’t do that, and the hacker used his email account to direct the settlement funds to an offshore bank account. The money was gone, and his client insisted that the settlement be enforced, which would mean the opposing party paid twice. The court said he had nobody to blame but himself because he knew he had been hacked but didn’t tell opposing counsel.
In sorting out the case, the court looked at whether opposing counsel behaved reasonably in sending the money in the first case. This was necessary because the defense was that somehow opposing counsel should have known the email was shady. But the hacked email bore all signs of being legitimate and believable:
- It came from the Virginia lawyer’s regular email address.
- It used a salutation that was a familiar, shortened version of opposing counsel’s name.
- It referred to the history of the settlement payment discussions
- The parties had communicated by email before.
And perhaps the best and most hilarious reason: “The content of the email was consistent with [the Virginia lawyer’s] error-prone typography.”
It’s difficult to imagine that nearly any attorney wouldn’t fall for this and reasonably believe they were following the instructions of opposing counsel.
There wasn’t any case law on point about in the jurisdiction, particularly over the narrow issue of whether one attorney was obliged to inform the other that their email might be hacked. The court found that common sense means an attorney has to do so.
The parties have cited no decision articulating that an attorney has an obligation to notify opposing counsel when the attorney has actual knowledge that a third party has gained access to information that should be confidential, such as the terms of a settlement agreement, or the attorney has knowledge that the funds to be paid pursuant to a settlement agreement have been the target of an attempted fraud. Nor has the Court located such authority. However, the principle is an eminently sensible one. […]
The sensible principle is this: If opposing counsel had informed the lawyer that the email was compromised, the lawyer wouldn’t have followed the payment instructions in the email (or, if they did, they would be behaving recklessly). Because of that, the court ruled that opposing counsel behaved reasonably, and the lawyer’s client had to bear the loss. Presumably, the lawyer bore some of that loss as well.
The usual caveats apply: this is one case from one jurisdiction. That said, it does echo the ABA ethics opinion, and it does ring true and fair: why should the party that reasonably believed they were sending the money to the right place be on the hook to pay twice? Next time you’re certain that some complicated technology thing will never apply to you, remember this case and think again.