The noted authority, Sharon D. Nelson, Esq., recently reported in her Ride the Lightning Blog: “Bank Sued Over Court Filing Containing Lawyers’ Personal Information,” a thorny bank litigation case that serves to highlight the critical importance of courts and litigators coming together to jointly adopt state-of-the-art infosecurity software and protocols.
The Blog reports that the bank’s defense attorneys (in a lawsuit filed against the bank for allegedly honouring a fraudulent check and then reversing it) filed court papers disclosing the plaintiffs’ home addresses, home telephone numbers, email addresses, drivers’ licenses, signatures, and bank account information. If that weren’t bad enough, the plaintiffs were not ordinary plaintiffs, but rather, noted New Jersey business and litigation firm, OlenderFeldman LLP, and the disclosed bank account was no ordinary account: it was the law firm’s attorney-client trust account.
Ms. Nelson writes that the lawsuit arose from an unusual situation where Investors Bank allegedly failed to detect that a $487,601 cashier’s check deposited by OlenderFeldman into its client trust account was fraudulent. According to the bank, OlenderFeldman received an unsolicited email from a stranger seeking legal services that was followed by a $487,601 deposit. “Before the check cleared,” Nelson writes, “the stranger asked OlenderFeldman to wire $228,900 [of the deposited amount] to a bank account in Jakarta, Indonesia. The day after the wire transfer was made, Investors Bank contacted the law firm to state that the check [for $487,601] was deemed fraudulent.”
That’s crazy enough, but the story only gets stranger from there. After informing OlenderFeldman that the $487,601 deposit check was fraudulent, the bank reversed the deposit and charged the firm’s client trust account for the bank’s loss of $228,900. When the law firm requested the bank reverse the charge back to the trust account because the charge went against other clients’ funds, the bank declined.
According to Michael Feldman, name partner and attorney for the plaintiff, “As attorneys, and given the sanctity of a law firm’s attorney trust account in this State, we are shocked and saddened that an authorized attorney trust account bank in New Jersey could or would ever unilaterally seize funds belonging to unrelated clients because it believes a law firm owes it money. We will be even more disturbed if such behaviour is ultimately permitted by our Supreme Court. If these actions are allowed to stand, clients in New Jersey may need to reconsider the risk of placing funds in an attorney trust account. In this case, OlenderFeldman quickly replenished the funds unilaterally seized by Investors Bank from its attorney trust account so as to assure no possible harm to our clients.”
From there the plot only thickened. OlenderFeldman then sued the bank (first in state court and then in federal court), and that’s when the bank filed a motion asking for additional time to answer the complaint, and to which its counsel attached a declaration of the bank’s Vice President which included the highly confidential information. The firm filing this motion on behalf of the bank was the New Jersey office of Chuhak & Tecson, though apparently the confidential information was quickly removed after the plaintiffs complained.
As the Blog points out, however, often times there is no taking confidential information back, because in the meantime the information could have been downloaded and put up for sale on the dark web, where a malicious actor could have purchased the information and used it to clean out the trust account.
While advertence or bad judgment can result in the disclosure of confidential personal information, software and appropriate infosecurity practices could have prevented this from ever happening. If courts and the bar adopt a filing protocol requiring that all pleadings and documents be screened for confidential information before filing, the confidential information could be redacted using software that allows for differential access.
It is time for the courts and bar associations of every jurisdiction to come together to manage this serious problem with a joint infosecurity software and protocol solution. By doing this, privacy exposures are far less likely to occur in the future and the legal profession would start to get ahead of the cyber and infosecurity problems that currently plague it.