top of page

The Cyber Fraud Incident and Loss of House Deposit


This case study explores a complaint filed by Mr B against a law firm following a cyber fraud incident that resulted in the loss of part of his house deposit. The case examines the firm's handling of the situation and determines whether their service was reasonable. The objective of the investigation is to assess the firm's responsibility and recommend appropriate measures to rectify the situation.


Mr B engaged the services of the law firm to facilitate his property purchase. During the transaction, he transferred his deposit to what he believed was the firm's bank account and requested confirmation of receipt. Unfortunately, it was later revealed that Mr B had fallen victim to a hacker impersonating his solicitor, leading him to unknowingly transfer the deposit to a fraudulent bank account.

Mr B's Complaint:

Mr B contacted his bank after discovering the fraud but could only recover a portion of the money. The bank confirmed that earlier notification would have enabled them to retrieve a greater portion of the funds. Dissatisfied with his financial loss, Mr B lodged a complaint, urging the firm to investigate the matter and address his grievances.

Investigation Findings:

Upon investigation, it was determined that the law firm's service fell short of expectations. The following key findings influenced this conclusion:

Delayed Confirmation of Receipt:

Evidence revealed that the firm failed to promptly confirm receipt of Mr B's money. They only checked their bank account one week after Mr B's initial email, at which point the fraudulent activity came to light. This delay hindered the early detection and mitigation of the cyber fraud incident.

Absence of Adequate Cybersecurity Measures:

The firm neglected to provide Mr B with any warnings or information regarding the risks associated with cybercrime. As a service provider, it is expected that they take reasonable steps to safeguard both themselves and their clients from such threats. However, the firm's lack of precautionary measures demonstrates a disregard for cybersecurity best practices.

Insufficient Procedures for Homeworking:

Further investigation revealed that the solicitor assigned to Mr B's house purchase usually operated from home, using her personal device. However, the firm had no established policies or guidelines for remote workers to ensure the secure handling of sensitive information. This failure to implement adequate procedures within the organization contributed to the vulnerability of their systems.

Impact and Resolution:

Mr B suffered a loss of part of his house deposit due to the firm's inadequate service. If the firm had acted reasonably by promptly checking their bank account, it would have been possible to recover the entire deposit. Additionally, had Mr B been adequately informed about the risks, he may have avoided transferring his deposit to the fraudulent account in the first place.

To rectify the situation and restore Mr B to his rightful position, it was directed that the firm compensate the difference between the lost amount and the sum recovered by the bank. This resolution aims to alleviate the financial burden imposed on Mr B as a result of the firm's unreasonable service.


This case study highlights the implications of inadequate cybersecurity measures and delayed response in a real estate transaction. The law firm's failure to promptly confirm receipt of funds, insufficient cybersecurity practices, and lack of policies for remote workers contributed to the loss suffered by Mr B. By holding the firm accountable and directing appropriate restitution, the aim is to prevent such incidents in the future and emphasize the importance of robust cybersecurity measures in legal service providers.


Follow LexTalk World for more news and updates from International Legal Industry




bottom of page