Posted on

Court case about liability for cyber crime – Hawarden v Edward Nathan Sonnenbergs Inc

Hawarden v Edward Nathan Sonnenbergs Inc [2023] ZAGPJHC 14

The plaintiff (H) was the purchaser of a fixed property, the transfer of which was to be handled by the defendant, a firm of attorneys. After H paid the deposit, H then elected to pay the balance of the purchase price into the defendant’s trust account by way of an electronic funds transfer (EFT). A conveyancing secretary in the employ of the defendant emailed the defendant’s trust account banking details to H by way of a PDF attachment. H’s email account was hacked, however, and the banking details on the PDF attachment was altered to reflect that of another party with a view to defraud H and effectively steal the money. Despite the defendant being made aware of the fraud, defendant continued to demand payment of the balance of the purchase price (R5.5m) from H.

The court (Mudau J) held that, as an experienced conveyancer, the defendant was well aware of the risks of business email compromise (BEC) and owed a duty of care towards H to warn H of the dangers of BEC and EFTs, without further safeguards to avoid payments into the wrong account. As a result the defendant was negligent and its inaction caused financial harm to H. The defendant was ordered to pay the sum of R5.5m plus interest at 10.25% from 21 August 2019 to date of payment to H, plus the costs of two expert witnesses, plus costs of suit on attorney and own client scale, including costs of two counsel.

For a more comprehensive summary of the judgement, see the first two pages of the judgement.