Automated Summary
Key Facts
Judith Hawarden lost R5.5 million after transferring funds to a fraudulent account following a business email compromise (BEC) cyberattack. Hackers compromised her email account and altered the banking details provided by the conveyancers, Edward Nathan Sonnenbergs Inc. (ENS). Despite prior warnings from her estate agent about email fraud, and despite having the opportunity to verify ENS's account details directly with their staff or through her bank, Hawarden failed to take reasonable precautions. The Supreme Court of Appeal dismissed her delictual claim against ENS, ruling she was not 'vulnerable to risk' as she could have protected herself against the known cybercrime threat.
Issues
The court determined whether the plaintiff successfully established the wrongfulness element required for a delictual claim arising from an omission that caused pure economic loss, considering the risk of cybercrime and the plaintiff's capacity to mitigate the risk.
Holdings
The court dismissed the plaintiff's delictual claim for pure economic loss caused by an omission, holding that the plaintiff (Ms Hawarden) could reasonably have taken steps to protect against the risk of business email compromise (BEC) fraud. The judgment emphasized that Ms Hawarden, who was not a client of ENS, had access to verification methods (e.g., contacting ENS representatives or her bank) and thus was not 'vulnerable to risk' as required for delictual liability. The appeal was upheld with costs, and the high court's order was set aside.
Remedies
- The appeal is upheld with costs, such costs to include the costs of two counsel where so employed.
- The Plaintiff's claim is dismissed with costs, such costs to include the costs of two counsel where so employed.
Legal Principles
- The court applied the principle that a defendant's omission causing pure economic loss is not prima facie wrongful unless public or legal policy considerations require liability. It emphasized that vulnerability to risk is a key criterion, and where a plaintiff could reasonably have taken steps to protect themselves (as in this case), no duty of care arises.
- The court considered the remoteness of the loss, noting that ENS could not be held liable for losses arising from a compromised email account it did not control. The chain of causation was broken by the plaintiff's failure to use available safeguards.
- The judgment clarified that even if ENS failed to implement security measures or warn of BEC risks, this would not constitute a breach of duty where no legal obligation existed. The plaintiff's election to forgo a bank guarantee and her access to verification options negated any actionable breach.
Precedent Name
- Cape Empowerment Trust Limited v Fisher Hoffman Sithole
- Cape Town City v Carelse
- Home Talk Development (Pty) Ltd and Others v Ekurhuleni Metropolitan Municipality
- Country Cloud Trading CC v MEC, Department of Infrastructure Development, Gauteng
- Hawekwa Youth Camp and Another v Byrne
- Halomisa Investments Holdings (RF) Ltd and Another v Kirkinis & Others
- Trustees for the Time Being of Two Oceans Aquarium Trust v Kantey & Templer (Pty) Ltd
Judge Name
- Dawood
- Tlaletsi
- Ponnan
- Goosen
- Dambuza
Passage Text
- Ms Hawarden could reasonably have avoided the risk by either asking Mr Carrim or Ms Maninakis to verify the account details of ENS... There was thus more than sufficient protection available to Ms Hawarden.
- In all of this, sight must not be lost as well of the fact that after weighing up her options she elected, whilst at the bank, to forego a bank guarantee for a cash transfer... The appeal must succeed.
- any warning by ENS of the risk of BEC would have been meaningless, in the circumstances of this case, because by that time the cyber criminal was already embedded in Ms Hawarden's email account, consequently the risk had already materialised.