Hacking Can Cost Your Business Millions of Dollars, Which is When Hacking Insurance Becomes Critically Important. However, Insurance Companies Often Deny Hacking Claims. When Is Hacking Covered By Insurance?
Hacking and other cybercrimes often cost millions of dollars. When financial losses can’t be recovered from the perpetrators, insurance coverage becomes critically important.
Unfortunately, insurance companies often deny claims, and the law regarding coverage in cybercrime suits is still evolving. Most recently, a New Jersey federal court refused to dismiss a suit seeking insurance coverage for nearly $1 million in losses caused by a social engineering scheme.
Computer Fraud Insurance Claim
In The Children’s Place, Inc. v. Great Am. Ins. Co., The Children’ Place, Inc. (TCP) is seeking to recover losses totaling $967,714.29 that the company mistakenly made to an unauthorized third party (the “Hacker”) instead of to TCP’s vendor, Thailand-based Universal Apparel Co., Ltd. As described by TCP in its complaint, the Hacker “intercepted an email conversation between TCP and Universal;” “inserted itself into the conversation;” “requested a change of bank information;” and fraudulently “direct[ed] TCP to pay Universal using [the] new bank account number.”
On July 14, 2017, TCP made a $498,753.58 payment to the altered bank account operated by the Hacker. Three days later, TCP made a second payment to the same account in the amount of $468,960.71. TCP was unable to recover any of the funds transferred, resulting in a loss of $967,714.29.
At the time of the transfers, TCP was insured by a Crime Protection Policy (Policy), including coverage for computer-related crime and social engineering schemes, issued by Great American Insurance Company (GAIC). TCP submitted the loss to GAIC for coverage under the Policy. After GAIC denied coverage, TCP filed suit.
District Court Refuses to Dismiss Suit
The District Court denied GAIC’s motion to dismiss, concluding that TCP had stated claims for declaratory relief and breach of contract under the Policy’s “Computer Fraud” coverage. The policy defined computer fraud as:
loss resulting directly from the use of any computer to impersonate you, or your authorized officer or employee, to gain direct access to your computer system, or to the computer system of your financial institution, and thereby fraudulently cause the transfer of money, securities or other property from your premises or banking premises to a person, entity, place or account outside your control.
In reaching its decision, the district court rejected these reasons proffered by GAIC for denying coverage:
“First, although the complaint alleges that the [Hacker] accessed Universal’s email system, it does not allege facts to show that the [Hacker] ‘gain[ed] direct access’ to a computer system that belonged to TCP or its financial institution.” (Def. Br. at 12).
“Second … TCP’s loss would not be covered because the [Hacker] did not ‘thereby fraudulently cause the transfer of money … from [TCP’s] premises or banking premises to a person, entity, place or account outside [TCP’s] control.’ ”
According to the court, “neither of these reasons persuades the Court that Plaintiff has not stated a claim on the basis that the Loss is not covered under the Policy’s coverage for ‘Computer Fraud.’”
With regard to GAIC’s first argument, the court highlighted that TCP alleged: “The Hacker, through the use of a computer, … accessed and infiltrated Universal’s web email service;” “intercepted emails sent between Universal and TCP;” and “inserted itself into [TCP’s email] conversation.” In addition, TCP also stated that when “the Hacker redirected [email] messages to go to him,” he “effectively gained access to TCP’s email system” because “an email system that does not send the messages to the intended recipient is no longer under the control of the sender.” While GAIC argued that these allegations “do[ ] not mean the [Hacker] actually accessed TCP’s email system,” the court noted that GAIC “failed to cite any legal authority in support of that proposition.” Rather, the court was persuaded by TCP’s legal authority to the contrary, including Medidata Sols., Inc. v. Fed. Ins. Co., 268 F. Supp. 3d 471, 478 (S.D.N.Y. 2017) and Medidata Sols Inc. v. Fed. Ins. Co., 729 F. App’x 117, 118 (2d Cir. 2018)). The court also added that any factual disputes could not be resolved against the plaintiff at the motion to dismiss stage.
The court also rejected GAIC’s argument that TCP had not plausibly alleged satisfaction of the causation requirement in the policy’s computer fraud coverage. In support, the court emphasized that TCP alleged that “TCP’s employees transferred [the Loss] to the Hacker as a direct result of the Hacker’s access to TCP and Universal’s emails, the forged letter, and altered Vendor Setup Form.” According to the court, these “allegations do not lack plausibility,” and further questions as to the “cause of the loss … should be left for a jury” or summary judgment.
Message for New Jersey Businesses
Email-based cyberattacks, including “social engineering” schemes, are on the rise. Should your company’s cybersecurity measures fail to thwart an attack, a body of favorable court decisions suggests that insurance coverage may well be available to cover your losses. Nonetheless, it is always wise to review your crime and other relevant insurance policies and to address any additional requirements your carrier may be placing on the coverage, so that you can minimize potential gaps in coverage, particularly with respect to growing cybersecurity threats.
If you have any questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Charles Yuen, or the Scarinci Hollenbeck attorney with whom you work, at 201-806-3364.
Secured transactions form the backbone of a wide range of business dealings, including business loans, mortgages, and inventory financing. Because the stakes are often high and relatively minor oversights can have drastic consequences, lenders and borrowers should thoroughly understand how to form an enforceable security agreement that protects their legal rights. What Is a Secured […]
Don’t Cash a “Paid in Full” Check Without Understanding the Legal Implications
Cashing a check marked “paid in full” can be a risky endeavor, particularly if you don’t fully understanding the legal implications. If you are owed more than the amount of the check you accept and deposit, you may waive your right to collect the full disputed amount. That is why you should consider either rejecting […]
Changes to Qualified Small Business Stock Will Benefit Startup Founders and Investors
The One Big Beautiful Bill Act of 2025 (OBBBA) significantly impacts federal taxes, credits, and deductions. A key change relating to Qualified Small Business Stock (QSBS) allows greater tax-free gains for investments in startups and other qualifying small businesses. Company founders and other investors should understand how the enhanced tax strategy works or risk missing […]
Corporate Consolidation and Antitrust Issues in Mergers
Corporate consolidation involves two or more businesses merging to become a single larger entity. The result is often a stronger and more competitive company that can better navigate today’s competitive marketplace. What Is Corporate Consolidation? Corporate consolidation closely resembles a basic merger transaction. The primary difference is that a consolidation creates an entirely new business […]
Business law plays a critical role in nearly every aspect of running a successful enterprise, from negotiating a commercial lease to drafting employee policies to fulfilling corporate disclosure obligations. Understanding what is business law and your legal obligations can help your business run smoothly and build productive relationships with clients, business partners, regulators, and others. […]
Corporate Transactions: Best Practices for Successful Deals
Corporate transactions can have significant implications for a corporation and its stakeholders. For deals to be successful, companies must act strategically to maximize value and minimize risk. It is also important to fully understand the legal and financial ramifications of corporate transactions, both in the near and long term. Understanding Corporate Transactions The term “corporate […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
