Hacking of emails including bank details

Liability shared between the supplier and the bank 

A supplyer A issues an invoie to its customer B and sen dit to its agent C by email.

The email is hacked by a hacker D and sent to the customer B with modified bank details.

B pays the invoice to the hacker D on its bank account in France.

The bank deed not check if the bank account was matching with the name of the customer B mentionned in the instruction to pay.

The good was not delivered by A to B.

Court decision 16/09/2021:

    1. Hacking is not considered as a force majeure case given that the holder of email shall take protection of its system;
    2. The supplyer A shall reimburse the customer B;
    3. No mistake from customer B;
    4. The bank is not obliged to check the name of the bank account compared with its id numer (article L133-21 of the monetary and financial code);
    5. But the same article states that the bank shall help the claimant yo get the money back when it is aware of a fraude;
    6. The bank shall bear 50% of the fraudulent transfer.


No double payment

A company A orders products to company B through a broker C.

Delivery takes place.

B sends its invoice by email to C.

This email is hacked and the bank details are modified to the benefit of the hacker D.

A pays B’s invoice to the bank account of D, the hacker.

B sues A for non payment.

Decision of the court 21/12/2023:

1. A paid B in good faith;
2. A was not aware of the hacking of C emails;
3. Payment was valid according to French law (article 1342-2 and 1342-3 of the civil code);
4. Claim of B to A is rejected and A shall not pay the invoice a second time.