Legal Ethics

Does lawyer have ethical duty to replace hacked client funds? It depends, ethics opinion says

  • Print.


Image from Shutterstock.

A lawyer who takes reasonable computer security precautions has no ethical responsibility to replace stolen client money when a hacker breaks into the network and pilfers trust account funds, according to an ethics opinion by the North Carolina State Bar.

The hacking hypothetical is one of seven scenarios involving stolen client funds addressed in the Oct. 23 ethics opinion. The ABA/BNA Lawyers’ Manual on Professional Conduct has a summary of the opinion, which cautions that it is not addressing a lawyer’s legal liability in such situations.

A prior North Carolina opinion addressed a lawyer’s duties to maintain computer security. Lawyers must educate themselves about the security risks of online banking, implement safety practices such as strong password practices, use encryption and security software, hire a technology consultant for advice, and ensure that staffers assisting with trust-account management receive training and abide by security measures.

Lawyers who don’t take reasonable precautions may have an ethical responsibility to replace stolen client funds if the failure is the proximate cause of trust account theft, the opinion says.

Lawyers may also have a responsibility to replace stolen client funds in a different scenario involving a hacked email and a lack of reasonable care. In that hypothetical, a hacker gains information about a real estate transaction by hacking the email of the lawyer or other parties such as the realtor or the seller. The hacker then crates a “spoof” email address that is similar to that of the realtor or seller.

The spoof email instructs the lawyer to wire funds to an identified account, despite previous instructions to mail the check. The lawyer wires the money without first contacting the seller by telephone.

The lawyer has an ethical responsibility to replace the funds, the opinion says, because the lawyer failed to take reasonable security measures such as contacting the seller or confirming the seller’s email address. The lawyer could be reimbursed if the bank is found to be legally responsible or insurance covers the stolen funds.

Under all circumstances involving third-party theft of client funds, the lawyer owes duties to clients whose money was stolen, including notifying the clients of the theft and helping them identify ways to cover the losses, the opinion says.

Updated at 9:00 a.m. to remove doubled word.

Give us feedback, share a story tip or update, or report an error.