Security precautions when sending emails with attached invoices in business transactions

An interesting ruling on security precautions when sending e-mails in business transactions was issued by the Schleswig-Holstein Higher Regional Court in the 12th Civil Senate on 18.12.2024 under the file number AZ: 12 U 9/24.

Accordingly, the ruling states that insufficiently secured data transmission by e-mail can result in considerable claims for damages:
“In the opinion of the Senate, pure transport encryption when sending business emails with personal data between entrepreneur and customer is not sufficient for the customer, at least in view of the high financial risk that exists here due to falsification of the plaintiff’s attached invoice, and cannot constitute “suitable” protection within the meaning of the GDPR. Rather, end-to-end encryption is currently the means of choice.”

Read the entire verdict here .

In the present case, the IBAN of the biller was falsified, the transferred amount thus went to an account operated by criminals and the money was gone. How did that come about? Since the e-mail communication was NOT S/MIME encrypted, criminals were able to hack into the invoice dispatch, intercept the invoice and send it on to the invoice recipient with the wrong IBAN…

The threat of claims for damages puts a whole new focus on the topic of email encryption, as it has so far been more common in the B2B sector to exchange information worthy of protection or to meet compliance requirements in certain business areas. Now, however, it is no longer “just” about compliance, pure data protection or the protection of patents / internal company information. This ruling is suddenly about much more: a claim for damages has already driven many a company into insolvency.

Are you already securing your email communication? If not, this landmark ruling should make you think and act!

Secure your business email communication and prevent possible claims for damages.
Secure your email communication in no time at all with end-to-end encryption via SMIME. SecuMail® Encryption offers secure transmission of your sensitive communication by encrypting the mail content. Your (selected) e-mail addresses are automatically encrypted and decrypted by the SecuMail® service, as well as provided with a signature. You don’t need to install or operate any software.

#Cybersecurity #ITSicherheit #SecuMail #MailVerschlüsselung #SecuMailEncryption #Encryption #Schadensersatz #Schadensersatzforderung #Schadensersatzanspruch