On 10 June 2024 the Supreme Court of Appeal handed down a judgment in the case of Edward Nathan Sonnenberg Inc v Hawarden [2024] ZASCZ 90 which provides welcome relief for all organisations operating within South Africa who provide bank account details via email.
- BRIEF FACTS:
The Plaintiff, Ms Hawarden, purchased an immovable property and ENS were appointed as the Conveyancers to attend to registration of transfer. In accordance with the terms and conditions of the sale agreement, and relying upon a PDF document sent to her by ENS, Ms Hawarden made payment of R5 500 000.00 into a bank account purporting to belong to ENS.
Unfortunately, and unbeknownst to her, Ms Hawarden’s email account had been hacked, and the hackers had intercepted the email from ENS and amended the bank account details reflected on the PDF document. This hacking resulted in Ms Hawarden making payment into a bank account which did not belong to ENS, but rather to the hackers.
Once the scam had been discovered the funds had been removed from the fraudulent bank account and Ms Hawarden subsequently sued ENS for the R5 500 000.00 which she had lost due to her making payment into the incorrect bank account.
- ISSUE:
The primary issue in question was whether ENS could be held liable for the economic loss suffered by Ms Hawarden as a result of her relying on the email which they sent to her.
- HIGH COURT JUDGEMENT:
In finding in favour of Ms Hawarden, and holding ENS liable for the R5 500 000.00 loss suffered by her, the High Court made the following points:
- That a duty of care exists between conveyancers and their clients, and that ENS should have warned Ms Hawarden of the dangers of cybercrime, which they failed to do;
- That as conveyancers ENS should have been aware of the risks of cybercrime and had a duty to guard against such harm eventuating;
- That ENS provided its own bank account details to Ms Hawarden, and were responsible for the accuracy and safety of the transmission;
- That in failing to warn Ms Hawarden of the dangers faced by her, and by solely relying on sharing the bank account details via email, ENS failed to discharge the duty of care which they have toward clients and were thus negligent.
- SUPREME COURT OF APPEAL:
On appeal the Court overturned the High Court judgment and ruled that ENS were not liable to Ms Hawarden for the economic loss which she had suffered. In making this judgment the following important points were made:
- That Ms Hawarden had in fact previously been advised of the risk of cybercrime by the Estate Agents, and had been instructed of the need to verify bank details before making any payments;
- That Ms Hawarden could have at any stage instructed her bank to verify the bank account details which had been provided to her;
- That Ms Hawarden was aware of the fact that she had the option to secure the purchase price by way of a guarantee issued by her bank, but elected not to do so; and
- That Ms Hawarden therefore had ample means available to her and that she must therefore take responsibility for her failure to protect herself from cybercrime, which was a known risk to her.
- CONCLUSION:
In our opinion the decision handed down by the Supreme Court of Appeal is correct, and provides relief to all organisations who provide their bank account details via email. Whilst such organisations do have a duty of care to their clients, it must also be remembered that the clients themselves have a duty to protect themselves from becoming a victim of cybercrime.
It is a sad reality that in the world in which we currently live we are constantly at risk of becoming victims to scams, but such risk can be successfully mitigated by both organisations as well as individual members of the public working together and taking appropriate steps to protect themselves.
Article by David Campbell