The amount of data that we electronically communicate on a daily basis increases every day. With this increase, we are seeing more claims for breaches caused by a lack of security and governance over data, failure to detect phishing and spear-phishing schemes, and fraud prevention.  

Orange County attorneys Esther Holm and Justine Kilpatrick recently defended an escrow company in connection with a claim by a homebuyer who wired funds to a criminal hacker instead of the escrow company. Discovery revealed a number of safeguards the escrow company had in place and conclusively established the hacking occurred with a third party involved in the real estate transaction. In their lawsuit, the homebuyers eschewed direct claims of cyber breach in favor of allegations that the escrow officer was negligent and breached his fiduciary duty, because he did not read the entirety of an email exchange where the escrow officer had been impersonated by the fraudster. The plaintiffs' theory was reading the email would have put the escrow officer on actual notice he was being impersonated, which would have caused him to intervene, thereby preventing the fraudster from completing the cyber theft.   

We argued the escrow company could not be held liable without actual knowledge of the fraud. "[W]here a party to a transaction in which an escrow is utilized engages in fraudulent activity, an escrow is not liable when it acts in good faith and does not have actual knowledge of wrongdoing." Marzan v. Bank of Am., 779 F. Supp. 2d 1140, 1154 (D. Haw. 2011) citing In re Bishop, Baldwin, Rewald, Dillingham & Wong, Inc., 69 Haw. 523, 529, 751 P.2d 77, 78, 81 (Haw. 1988). "The escrow company is not a guardian for the uninitiated." Berry v. McLeod, 124 Ariz. 346, 352, 604 P.2d 610, 616 (1979).  "Any liability in this area must be based on evidence that the escrow agent had actual knowledge of the fraud and failed to disclose the known information to the parties." Ibid. In this case, there was no evidence supporting the homebuyers' claim that the escrow officer read the email containing the fraudulent wiring instructions. Ultimately, the dispute was resolved on favorable terms.

As hackers become more creative and sophisticated, we expect to see the number of cyber breach claims rise. We also expect to see more novel fact patterns, like that advanced against the escrow officer, in an attempt to plead facts triggering coverage under professional liability policies. 

Stay tuned for cyber law issues in the context of legal malpractice claims in our next newsletter!

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.