Hacking Can Cost Your Business Millions of Dollars, Which is When Hacking Insurance Becomes Critically Important. However, Insurance Companies Often Deny Hacking Claims. When Is Hacking Covered By Insurance?
Hacking and other cybercrimes often cost millions of dollars. When financial losses can’t be recovered from the perpetrators, insurance coverage becomes critically important.
Unfortunately, insurance companies often deny claims, and the law regarding coverage in cybercrime suits is still evolving. Most recently, a New Jersey federal court refused to dismiss a suit seeking insurance coverage for nearly $1 million in losses caused by a social engineering scheme.
Computer Fraud Insurance Claim
In The Children’s Place, Inc. v. Great Am. Ins. Co., The Children’ Place, Inc. (TCP) is seeking to recover losses totaling $967,714.29 that the company mistakenly made to an unauthorized third party (the “Hacker”) instead of to TCP’s vendor, Thailand-based Universal Apparel Co., Ltd. As described by TCP in its complaint, the Hacker “intercepted an email conversation between TCP and Universal;” “inserted itself into the conversation;” “requested a change of bank information;” and fraudulently “direct[ed] TCP to pay Universal using [the] new bank account number.”
On July 14, 2017, TCP made a $498,753.58 payment to the altered bank account operated by the Hacker. Three days later, TCP made a second payment to the same account in the amount of $468,960.71. TCP was unable to recover any of the funds transferred, resulting in a loss of $967,714.29.
At the time of the transfers, TCP was insured by a Crime Protection Policy (Policy), including coverage for computer-related crime and social engineering schemes, issued by Great American Insurance Company (GAIC). TCP submitted the loss to GAIC for coverage under the Policy. After GAIC denied coverage, TCP filed suit.
District Court Refuses to Dismiss Suit
The District Court denied GAIC’s motion to dismiss, concluding that TCP had stated claims for declaratory relief and breach of contract under the Policy’s “Computer Fraud” coverage. The policy defined computer fraud as:
loss resulting directly from the use of any computer to impersonate you, or your authorized officer or employee, to gain direct access to your computer system, or to the computer system of your financial institution, and thereby fraudulently cause the transfer of money, securities or other property from your premises or banking premises to a person, entity, place or account outside your control.
In reaching its decision, the district court rejected these reasons proffered by GAIC for denying coverage:
“First, although the complaint alleges that the [Hacker] accessed Universal’s email system, it does not allege facts to show that the [Hacker] ‘gain[ed] direct access’ to a computer system that belonged to TCP or its financial institution.” (Def. Br. at 12).
“Second … TCP’s loss would not be covered because the [Hacker] did not ‘thereby fraudulently cause the transfer of money … from [TCP’s] premises or banking premises to a person, entity, place or account outside [TCP’s] control.’ ”
According to the court, “neither of these reasons persuades the Court that Plaintiff has not stated a claim on the basis that the Loss is not covered under the Policy’s coverage for ‘Computer Fraud.’”
With regard to GAIC’s first argument, the court highlighted that TCP alleged: “The Hacker, through the use of a computer, … accessed and infiltrated Universal’s web email service;” “intercepted emails sent between Universal and TCP;” and “inserted itself into [TCP’s email] conversation.” In addition, TCP also stated that when “the Hacker redirected [email] messages to go to him,” he “effectively gained access to TCP’s email system” because “an email system that does not send the messages to the intended recipient is no longer under the control of the sender.” While GAIC argued that these allegations “do[ ] not mean the [Hacker] actually accessed TCP’s email system,” the court noted that GAIC “failed to cite any legal authority in support of that proposition.” Rather, the court was persuaded by TCP’s legal authority to the contrary, including Medidata Sols., Inc. v. Fed. Ins. Co., 268 F. Supp. 3d 471, 478 (S.D.N.Y. 2017) and Medidata Sols Inc. v. Fed. Ins. Co., 729 F. App’x 117, 118 (2d Cir. 2018)). The court also added that any factual disputes could not be resolved against the plaintiff at the motion to dismiss stage.
The court also rejected GAIC’s argument that TCP had not plausibly alleged satisfaction of the causation requirement in the policy’s computer fraud coverage. In support, the court emphasized that TCP alleged that “TCP’s employees transferred [the Loss] to the Hacker as a direct result of the Hacker’s access to TCP and Universal’s emails, the forged letter, and altered Vendor Setup Form.” According to the court, these “allegations do not lack plausibility,” and further questions as to the “cause of the loss … should be left for a jury” or summary judgment.
Message for New Jersey Businesses
Email-based cyberattacks, including “social engineering” schemes, are on the rise. Should your company’s cybersecurity measures fail to thwart an attack, a body of favorable court decisions suggests that insurance coverage may well be available to cover your losses. Nonetheless, it is always wise to review your crime and other relevant insurance policies and to address any additional requirements your carrier may be placing on the coverage, so that you can minimize potential gaps in coverage, particularly with respect to growing cybersecurity threats.
If you have any questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Charles Yuen, or the Scarinci Hollenbeck attorney with whom you work, at 201-806-3364.
The SEC’s Latest Guidance on Applying Federal Securities Laws to Tokenized Securities
On January 28, 2026, staff of the U.S. Securities and Exchange Commission’s Divisions of Corporation Finance, Investment Management, and Trading and Markets issued a joint statement clarifying how existing federal securities laws apply to tokenized securities. The SEC’s “Statement on Tokenized Securities” does not establish new law, but it does provide greater clarity on the […]
Common Legal Mistakes NYC and New Jersey Business Owners Make
Operating a business in the New Jersey and New York City metropolitan region offers incredible opportunities, but it also requires navigating a dense and highly regulated legal environment. From entity formation to regulatory compliance, seemingly minor legal oversights can expose business owners to significant risk. In our work with businesses throughout the region, our attorneys […]
High-profile founder litigation is more than just a media spectacle. For startup founders, these cases underscore the legal and structural risks that can arise when rapid growth outpaces formal oversight. While launching a new company can be both an exciting and deeply rewarding endeavor, founders must be mindful that it also comes with significant risks. […]
Corporate Governance Reviews: A Practical Guide for New Jersey Companies
Every New Jersey company should periodically evaluate its governance framework. Strong corporate governance protects directors and officers, builds investor confidence, reduces litigation exposure, and positions a company for sustainable growth. The first quarter of the year is a great time to evaluate your corporate governance practices and perform any routine maintenance needed to keep that […]
What to Do After Being Served with a Lawsuit: Steps to Protect Your Legal Rights
Being served with a lawsuit is one of the most stressful legal events a business or individual can face. Whether the claim involves a contract dispute, an employment matter, an intellectual property issue, or another legal challenge, the actions you take in the first few days can significantly shape the outcome of your case. Acting […]
Will 2026 Be a Banner Year for SPACs? Understanding the Risks and Opportunities
Special Purpose Acquisition Companies (SPACs) continue to gain momentum as we move through 2026. After enduring a significant contraction following the 2021 boom and the regulatory scrutiny that followed, SPAC activity rebounded sharply in 2025 and now carries forward into 2026 with real momentum. The SPAC resurgence reflects broader improvements in both market conditions and the […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
