BGP wins court case against Swiss bank

30. August 2019

BGP has won in court CHF 3.7 million for a bank client against a Swiss bank in a "man-in-the-middle" cyber-attack case.

The bank had made payments to unknown third parties without valid instructions at the expense of the bank client. The origin of the bank's payments was a so-called "man in the middle" attack. In a "man-in-the-middle" cyber-attack, also called Janus attack (after the two-faced Janus of Roman mythology), the hacker places himself - or his harmful tool - between the victim and the resource called up, such as a bank website or an e-mail account. The attacker can thus take complete control of data traffic between two or more communication partners and view and manipulate the information at will.

Since the bank concerned did not fulfill its duty of care regarding the authenticity of the payment orders sent to it (legitimation check), the bank did not recognize the "man in the middle" attack and executed various payments to unknown third parties without instruction and at the expense of the bank client.

In this case, BGP advised the bank client comprehensively, represented him in court, won the case in its entirety and obtained the repayment of CHF 3.7 million to the bank client. The BGP team was led by Oliver Gnehm, attorney-at-law and partner in Zurich.

BGP specializes in negotiation and litigation in complex legal matter. In bank liability cases, BGP represents both bank clients and banks.