A lack of proper procedures to safeguard against cybercrime left this firm short...
Mr B instructed the firm to complete a property purchase. During the transaction, he transferred his deposit to whom he believed was the firm and requested that they confirm receipt.
However, it was later revealed that Mr B had received an email from a hacker posing as his solicitor and had transferred his house deposit to a fraudulent bank account.
Mr B later contacted his bank but was only able to retrieve some of the money as the rest had already been transferred out of the fraudulent account. The bank confirmed that if Mr B had contacted them sooner, they would have been able to recover more of his money.
Mr B was unhappy that he had lost some of his deposit and requested that we investigate his complaints.
We concluded that the firm’s service was unreasonable.
Firstly, the evidence showed that the firm delayed confirming receipt of Mr B's money as they did not check their bank account until one week after Mr B emailed them. It was only at this time that the hack came to light.
We would expect a service provider to take reasonable steps to protect themselves and their client from the risk of cybercrime, but the firm did not provide Mr B with any warnings about these risks.
During our investigation we also discovered that the solicitor dealing with Mr B's house purchase usually worked from home on her own device. However, the firm did not have any policies for homeworkers on how they should safeguard information, and no checks were carried out on the firm’s systems to ensure they were secure. So, we concluded that the law firm had insufficient procedures in place.
Mr B had lost part of his house deposit because of the firm’s service. If the service had been reasonable and the firm checked the bank account sooner, Mr B would have been able to recover all of his house deposit. If Mr B had been provided with sufficient warnings, he may not have transferred his deposit elsewhere in the first place.
To put Mr B back in the position he would have been in had the service been reasonable, we directed the firm to pay the difference between what was lost and what the bank were able to recover.
Our approach to dealing with cybercrime | Legal Ombudsman
Guidance: Our approach to determining complaints | Legal Ombudsman
Guidance: Our approach to putting things right | Legal Ombudsman