Cybercrime at Law Firms Triggers Ethical Duties

Stay current on changes and developments in corporate law with a wide variety of resources and tools.

By Ellen Rosen

May 1— Law firms of all sizes are falling prey to hackers and Internet scams. Now the New York City Bar Association has released an ethics opinion clarifying that lawyers must report hacking or other breaches of their computer systems.

The opinion makes clear that lawyers don't violate their ethical obligations by reporting cyberfraud to enforcement authorities. The opinion also emphasizes that law firms must tell clients if their interests might be at risk.

Because Internet scams can result “in harm to other clients of the law firm, such as the loss of client funds due to an escrow account scam,” the firm “must promptly notify the harmed clients.”

Lawyers can't jump to conclusions, apparently, even if the questionable e-mail appears to come from a Nigerian prince looking for a new lawyer.

“Before concluding that an individual is attempting to defraud the attorney and is not owed the duties normally owed to a prospective or actual client, the attorney must exercise reasonable diligence to investigate whether the person is engaged in fraud,” according to the opinion.

The opinion offers a primer on the many ways that lawyers—even the most sophisticated—can sometimes become unwitting victims to scams that may seem obvious.

Perhaps most frightening: the Bar Association committee that wrote the opinion found that not all malpractice insurers are willing to cover losses from these frauds.

To contact the reporter on this story: Ellen Rosen in New York at

To contact the editor responsible for this story: Michael Hytha at

 ©2015 Bloomberg L.P. All rights reserved. Used with permission

Request Corporate on Bloomberg Law