It’s a cautionary tale of cyber fraud.  A title agent in a real estate transaction receives an email ostensibly from the mortgage lender providing instructions for transferring the loan proceeds into a settlement bank account.  After transferring the funds ($520,000), it becomes apparent that the transfer instructions came from an email address that was one letter off from the mortgage lender’s actual email address – it was a scam.  But it’s too late, the scammer has already withdrawn the funds from the settlement account and cannot be traced.

Continue Reading Engineering Coverage for Social Engineering Schemes in Light of New Jersey Federal Court Opinion Finding No Errors and Omissions Coverage for Email Scam

Is it illegal for an insurer to pay the ransom demanded in a cyber extortion or ransomware attack on its insured? According to the US Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC”) October 1, 2020 advisory (“OFAC Advisory”), in certain situations, it may be.

Continue Reading While OFAC Cautions Cyber Insurers About Facilitating Ransomware Payments, Policyholders Should Ensure They’re Covered

Trading on New Zealand’s stock exchange was disrupted last week, following four straight days of repeated cyberattacks that resulted in outages affecting debt, equities, and derivatives markets.  The DDoS attack, which is said to have originated offshore, is allegedly part of a global extortion scheme that has also targeted companies like PayPal and Venmo.  With this type of cyberattack becoming only more common and sophisticated, it is vital for policyholders to focus on the host of available insurance coverage options to protect against and maximize their insurance recovery following losses from a cyberattack.

Continue Reading Continuous 4-Day Cyberattack on the New Zealand Exchange Highlights Importance of Insurance Coverage for Cyberattacks and of Having a Sound Strategy to Maximize Recovery

While COVID-19 occupies most of the world’s attention, cyber-criminals continue to hone their trade. Consequently, with attention diverted and business-as-usual changing daily, the recent rise in cyber-related attacks comes as no surprise. Analysts have found that companies with an increased number of employees working remotely as a result of the coronavirus pandemic have witnessed a spike in malicious cyber-attacks. For example, the United States Health and Human Services Department experienced two separate cyber-attacks since the onset of COVID-19, with the attacks aimed at sowing panic and overloading the HHS servers.[1] These attacks, however, are not limited to the United States, as they have been reported across the globe. For instance, hackers launched a cyber-attack on a hospital in the Czech Republic, stalling dozens of coronavirus test results, only days after the government declared a national emergency.[2]

Continue Reading COVID-19 Impacting Cyber Security; Attacks on the Rise

Social engineering attacks, particularly fraudulent transfers, are becoming one of the most utilized cyber scams.  As a result, there has been a flurry of litigation, and a patchwork of decisions, concerning coverage disputes over social engineering losses.  Most recently, the United States District Court for the Eastern District of Virginia found in Midlothian Enterprises, Inc. v. Owners Insurance Company, that a so-called “voluntary parting” exclusion provision in a crime policy should exclude coverage for a fraudulent transfer social engineering scheme.  The decision illustrates why policyholders must vigilantly analyze their insurance policies to ensure that their coverages keep pace with what has proven to be a rapidly evolving risk landscape.

Continue Reading Voluntary Parting Exclusion Bars Coverage for Social Engineering Scheme

As reported on the January 31, 2020 posting to the Hunton Retail Law Resource Blog, the Florida legislature has introduced identical bills in the Florida House of Representatives (HB 963) and the Senate (SB 1670) (collectively the Act) that, if adopted, will require companies operating websites and other online services in the state to inform Florida consumers whether it is collecting personal information, and to provide an opportunity for the consumer to opt out of the sale of the personal information.

Continue Reading Florida Following in Other Jurisdiction’s Footsteps with Proposed Data Privacy Legislation

A Maryland federal court recently awarded summary judgment to National Ink and Stitch, finding coverage for a cyber-attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.  We discussed the significance of the decision in a January 27 blog post that can be found here.

Continue Reading Hunton Insurance Partners Andrews and Levine Comment to Law360 and Business Insurance on Recent Ransomware Coverage Win for National Ink

Ruling on cross motions for summary judgment, a federal court in New York held that AIG Specialty Insurance Company (AIG) must cover the settlement of an underlying action against its insured, SS&C Technologies Holdings, Inc. (SS&C), who was duped by e-mail scammers to issue millions in wire transfers.  The court rejected AIG’s assertion that the loss resulted from SS&C’s exercise of authority or discretionary control of client funds where SS&C only had limited administrative authority and further held that, even if SS&C had exercised the requisite authority, the exclusion was ambiguous.  A copy of the court’s decision can be found here.

Continue Reading New York Federal Court Says Social Engineering Scheme Covered Under Professional Liability Policy

As crypto-asset losses continue to rise, the industry is taking steps to protect clients and investors through insurance. Crypto-exchange and custody provider, Gemini Trust Company, LLC (“Gemini”), recently launched its own captive insurance provider, Nakamoto, Ltd. Captive insurance is an alternative to self-insurance whereby a company creates a licensed insurance company to provide coverage for itself. According to a statement from Gemini, Nakamoto is “the world’s first captive to insure crypto custody” and allows Gemini “to increase its insurance capacity beyond the coverage currently available in the commercial insurance market” for cryptocurrency wallets not connected to the internet, commonly referred to as “cold storage.” According to Gemini, this move makes Nakamoto the world’s most insured crypto-asset cold storage solution, which signals an expectation of increased demand in the crypto market.

Continue Reading Captive Insurance Offers Protection to Growing Crypto-Currency Industry

Innovation and developments in technology bring both opportunities and challenges for the retail industry, and Hunton Andrews Kurth has a sophisticated understanding of these issues and how they affect retailers. On January 23, 2020, our cross-disciplinary retail team, composed of over 200 lawyers, released our annual Retail Industry Year in Review. The 2019 edition,