Wednesday, August 31, 2016

Attorney's Duties When Settlement Funds are Stolen By Hacker

A $63,000 settlement that was diverted through a hack into the receiving attorney's account has resulted in an order of the United States District Court for the Eastern District of Virginia enforcing a settlement agreement.

The court states important principles when one attorney learns of a computer attack that might compromise entrusted funds.

The attorney transmitting the payment is Oshinowo. The intended payee is Bile. Bile's attorney (Udom) and Bile were aware of the attempt to invade Udom's account; Oshinowo was not.

...the third party that compromised the account sent an email from ubomlawgroup@yahoo.com to Oshinowo at LeClairRyan, instructing that the payment required by the Settlement Agreement be wired to a Barclay's account, purporting to be Bile's, in London. Oshinowo initiated LeClairRyan' s internal procedures for a wire transfer in the amount of $63,000.00 to be dispatched to the Barclay's account, and LeClairRyan initiated that transfer. Meanwhile, Defendant RREMC, LLC processed a check for $2,000.00-less-witholding and mailed it to Bile's residential  address. Bile received the $2, 000. 00-less-withholding check without incident.

The parties went back to court over the disputed amount

At the evidentiary hearing, Defendants presented the testimony of David Melczer ("Melczer"), accepted by the Court as an expert in information technology, and James Lemmert, who carried out the wire transfer in question, in support of the Defendants' position that Oshinowo acted reasonably in transmitting the $63,000.00. (Def.'s Post-Hrg. Mem. 7; Pl.'s Post-Hrg. Mern. 10-11). Bile presented his own testimony and that of Oshinowo in support of the Bile's position that: ( 1) the Settlement Agreement was not enforceable as written; and (2) Oshinowo acted unreasonably in transmitting the $63,000.00.

The court

the undisputed record shows that Ubom told Bile about the fraudulent email. The Court finds that both Ubom and Bile had actual knowledge that, on July 27, 2015, a malicious third party was targeting this settlement for a fraudulent transfer to an offshore account that did not belong to Bile. The Court further finds that both Ubom and Bile knew the email account of the Ubom Law Group was implicated in that fraudulent activity...

the Court concludes that Defendants substantially performed their obligations under the Settlement Agreement on July 29, 2015, and are entitled to specific performance of Bile's obligations under the Settlement Agreement.

 The court looked to contract principles

The parties have cited no decision articulating that an attorney has an obligation to notify opposing counsel when the attorney has actual knowledge that a third party has gained access to information that should be confidential, such as the terms of a settlement agreement, or the attorney has knowledge that the funds to be paid pursuant to a settlement agreement have been the target of an attempted fraud. Nor has the Court located such authority. However, the principle is an eminently sensible one. Indeed, Bile's briefing clearly considers that to be the case because Bile states, repeatedly, that attorneys have "an obligation to contact [opposing] counsel when and if they receive(] suspicious emails instructing [them] to wire settlement funds to a foreign country where such [a] request has never been made during the course of performance of the parties." (~., Pl.'s Post-Hrg. Resp. 3, 23). Ubom repeated this argument orally during the evidentiary hearing. Applying this standard, Ubom failed to act with the ordinary care that he, correctly, says should govern this case.

Two days before the fraud was perpetrated on LeClairRyan, both Ubom and Bile were aware that an unidentified third party had targeted the settlement funds for diversion to a Barclay's bank account that had nothing to do with Bile. Additionally, Bile and Ubom knew that ubomlawgroup@yahoo.com was being used in an effort to perpetrate the fraud. Ubom failed to pass this information along to Defendants, defense counsel, or the Court. This failure substantially contributed to the loss of $63,000.00 within the meaning of U.C.C. ยง 3-406. The Court finds it self evident that if Oshinowo or Mago was aware: (1) that the settlement funds were the target of a malicious third party; (2) that the terms of the confidential Settlement Agreement had been accessed by a malicious third party; or ( 3) that a malicious third party was angling to redirect the settlement funds to a Barclay's account when Bile had no such account, then Oshinowo would not have initiated the wire transfer on July 29, 2015.

...Bile must bear the loss associated with the malicious third party behavior.

As to the technology issue

This is not to say that Oshinowo might not have exercised greater care when he received the email directing the settlement funds to an overseas bank account. However, Article 3 does not require best practices: it requires ordinary care, and there is no proof that LeClairRyan did not exercise ordinary care.

At the heart of this case is the simple fact that Bile's agent, Ubom, could have prevented the loss of $63, 000. 00 by notifying opposing counsel on July 27, 2015 when he had actual knowledge of an attempted fraud, the known purpose of which was to lay hands on the settlement funds. As technology evolves and fraudulent schemes evolve with it, the Court has no compunction in firmly stating a rule that: where an attorney has actual knowledge that a malicious third party is targeting one of his cases with fraudulent intent, the attorney must either alert opposing counsel or must bear the losses to which his failure substantially contributed.

The court enforced the agreement. (Mike Frisch)

https://lawprofessors.typepad.com/legal_profession/2016/08/a-63000-settlement-that-was-diverted-through-a-hack-into-an-attorneys-account-has-resulted-in-an-order-of-the-united-states.html

Bar Discipline & Process | Permalink

Comments

Post a comment