Hacking Can Cost Your Business Millions of Dollars, Which is When Hacking Insurance Becomes Critically Important. However, Insurance Companies Often Deny Hacking Claims. When Is Hacking Covered By Insurance?
Hacking and other cybercrimes often cost millions of dollars. When financial losses can’t be recovered from the perpetrators, insurance coverage becomes critically important.
Unfortunately, insurance companies often deny claims, and the law regarding coverage in cybercrime suits is still evolving. Most recently, a New Jersey federal court refused to dismiss a suit seeking insurance coverage for nearly $1 million in losses caused by a social engineering scheme.
Computer Fraud Insurance Claim
In The Children’s Place, Inc. v. Great Am. Ins. Co., The Children’ Place, Inc. (TCP) is seeking to recover losses totaling $967,714.29 that the company mistakenly made to an unauthorized third party (the “Hacker”) instead of to TCP’s vendor, Thailand-based Universal Apparel Co., Ltd. As described by TCP in its complaint, the Hacker “intercepted an email conversation between TCP and Universal;” “inserted itself into the conversation;” “requested a change of bank information;” and fraudulently “direct[ed] TCP to pay Universal using [the] new bank account number.”
On July 14, 2017, TCP made a $498,753.58 payment to the altered bank account operated by the Hacker. Three days later, TCP made a second payment to the same account in the amount of $468,960.71. TCP was unable to recover any of the funds transferred, resulting in a loss of $967,714.29.
At the time of the transfers, TCP was insured by a Crime Protection Policy (Policy), including coverage for computer-related crime and social engineering schemes, issued by Great American Insurance Company (GAIC). TCP submitted the loss to GAIC for coverage under the Policy. After GAIC denied coverage, TCP filed suit.
District Court Refuses to Dismiss Suit
The District Court denied GAIC’s motion to dismiss, concluding that TCP had stated claims for declaratory relief and breach of contract under the Policy’s “Computer Fraud” coverage. The policy defined computer fraud as:
loss resulting directly from the use of any computer to impersonate you, or your authorized officer or employee, to gain direct access to your computer system, or to the computer system of your financial institution, and thereby fraudulently cause the transfer of money, securities or other property from your premises or banking premises to a person, entity, place or account outside your control.
In reaching its decision, the district court rejected these reasons proffered by GAIC for denying coverage:
“First, although the complaint alleges that the [Hacker] accessed Universal’s email system, it does not allege facts to show that the [Hacker] ‘gain[ed] direct access’ to a computer system that belonged to TCP or its financial institution.” (Def. Br. at 12).
“Second … TCP’s loss would not be covered because the [Hacker] did not ‘thereby fraudulently cause the transfer of money … from [TCP’s] premises or banking premises to a person, entity, place or account outside [TCP’s] control.’ ”
According to the court, “neither of these reasons persuades the Court that Plaintiff has not stated a claim on the basis that the Loss is not covered under the Policy’s coverage for ‘Computer Fraud.’”
With regard to GAIC’s first argument, the court highlighted that TCP alleged: “The Hacker, through the use of a computer, … accessed and infiltrated Universal’s web email service;” “intercepted emails sent between Universal and TCP;” and “inserted itself into [TCP’s email] conversation.” In addition, TCP also stated that when “the Hacker redirected [email] messages to go to him,” he “effectively gained access to TCP’s email system” because “an email system that does not send the messages to the intended recipient is no longer under the control of the sender.” While GAIC argued that these allegations “do[ ] not mean the [Hacker] actually accessed TCP’s email system,” the court noted that GAIC “failed to cite any legal authority in support of that proposition.” Rather, the court was persuaded by TCP’s legal authority to the contrary, including Medidata Sols., Inc. v. Fed. Ins. Co., 268 F. Supp. 3d 471, 478 (S.D.N.Y. 2017) and Medidata Sols Inc. v. Fed. Ins. Co., 729 F. App’x 117, 118 (2d Cir. 2018)). The court also added that any factual disputes could not be resolved against the plaintiff at the motion to dismiss stage.
The court also rejected GAIC’s argument that TCP had not plausibly alleged satisfaction of the causation requirement in the policy’s computer fraud coverage. In support, the court emphasized that TCP alleged that “TCP’s employees transferred [the Loss] to the Hacker as a direct result of the Hacker’s access to TCP and Universal’s emails, the forged letter, and altered Vendor Setup Form.” According to the court, these “allegations do not lack plausibility,” and further questions as to the “cause of the loss … should be left for a jury” or summary judgment.
Message for New Jersey Businesses
Email-based cyberattacks, including “social engineering” schemes, are on the rise. Should your company’s cybersecurity measures fail to thwart an attack, a body of favorable court decisions suggests that insurance coverage may well be available to cover your losses. Nonetheless, it is always wise to review your crime and other relevant insurance policies and to address any additional requirements your carrier may be placing on the coverage, so that you can minimize potential gaps in coverage, particularly with respect to growing cybersecurity threats.
If you have any questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Charles Yuen, or the Scarinci Hollenbeck attorney with whom you work, at 201-806-3364.
Breach of Contract Explained: Types and Consequences
Breach of contract disputes are the most common type of business litigation. Therefore, nearly all New York and New Jersey businesses will likely have to deal with a contract dispute at least once. Understanding when to file a breach of contract lawsuit and how long you have to sue for breach of contract is essential […]
How to Dissolve a Corporation in New Jersey: A Step-by-Step Guide
Closing your business can be a difficult and challenging task. For corporations, the process includes formal approval of the dissolution, winding up operations, resolving tax liabilities, and filing all required paperwork. Whether you need to understand how to dissolve a corporation in New York or New Jersey, it’s imperative to take all of the proper […]
Gross Lease vs. Net Lease: Understanding the Key Differences
Commercial leases can take a variety of forms, which is often confusing for both landlords and tenants. Understanding the different types, especially the gross lease structure, is important when selecting the lease that best suits your needs. One key distinction between lease types is how rent is calculated and paid. This article addresses the two […]
What to Do If You Are Impacted by a Retailer Bankruptcy Part 2
Over the past year, brick-and-mortar stores have closed their doors at a record pace. Fluctuating consumer preferences, the rise of online shopping platforms, and ongoing economic uncertainty continue to put pressure on the retail industry. When a retailer seeks bankruptcy protection, a myriad of other businesses are often impacted. Whether you are a supplier, customer, […]
The Current Administration's Proposals for the Financial Services and Banking Industries Will Affect Your Business
Since his inauguration two months ago, Donald Trump’s administration and the Congress it controls have indicated important upcoming policy changes. These changes will impact financial services policies and priorities. The changes will particularly affect cryptocurrency, as well as banking rules and regulations. Key Regulatory Changes in Cryptocurrency For example, in the burgeoning cryptocurrency business environment, […]
Tips for Commercial Landlords Impacted by Wave of Retailer Bankruptcies Part 1
The retail sector has experienced a wave of bankruptcy filings over the last year. Brick-and-mortar businesses in financial distress include big-name brands like Big Lots, Party City, The Container Store, and Vitamin Shoppe. When large retailers seek bankruptcy protection, they are not the only businesses impacted. Landlords can be particularly hard hit. While commercial landlords […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
