The Court of Justice of Alagoas (a state in northeastern Brazil) upheld a ruling that ordered Banco Bradesco to pay R$ 2,500.00 in moral damages and double restitution of amounts improperly deducted after a banking fraud that victimized a disability retiree. The 4th Civil Chamber denied the financial institution's appeal, establishing the bank's strict liability for security failures that allowed the leakage of confidential data used by the criminals.

The case involved the "fake manager" scam, in which fraudsters contacted the consumer identifying themselves by the real name of her branch manager, demonstrating prior knowledge of confidential information held by the financial institution. The criminals used this privileged data to appear legitimate, inducing the victim to provide additional information that enabled the fraudulent origination of two payroll loans totaling R$ 29,518.59 in just 48 hours — an amount representing 16.3 times the retiree's monthly income. In this case, the court rejected the defense of exclusive victim fault, both due to her state of hyper-vulnerability and the use of confidential data leaked from the financial institution itself, which lent greater credibility to the scam. The established legal thesis is that institutions are liable for damages when fraud is based on prior data leakage from their systems.

The reporting judge, Justice Márcio Roberto Tenório de Albuquerque, grounded the decision in the joint application of Brazil's Consumer Protection Code and the General Data Protection Law (LGPD), highlighting that the fraudsters' knowledge of information exclusively processed by the financial institution characterizes an internal fortuitous event. The court established that strict liability applies when there is evidence of prior leakage of confidential data from banking systems, constituting a defect in service provision that precludes the defense of exclusive victim fault.

The ruling also ordered double restitution of the deducted amounts, rejecting the financial institution's claim of "justifiable mistake," since the bank continued with the monthly deductions even after becoming unequivocally aware of the fraud. The court further recognized the hyper-vulnerability condition of the elderly consumer retired on disability, applying the qualified protection provided by Brazil's Elderly Statute and the Inter-American Convention on Protecting the Human Rights of Older Persons, establishing that moral damages are presumed in cases of banking fraud resulting from data leakage.

This post was summarized from the original court decision using AI, with human review.

TJAL/AC No. 0701717-79.2024.8.02.0051