A California federal court found coverage under AIG’s general liability policy for the defense and indemnity of email scanning suits against Yahoo!. Those suits generally alleged that Yahoo! profited off of scanning its users’ emails. Because the allegations gave rise to the possibility that Yahoo! disclosed private content to a third party, the court found that the suit potentially fell within the coverage for “oral or written publication, in any manner, of material that violates a person’s right of privacy.” Thus, AIG’s duty to defend was triggered.

The court also found that AIG had a duty to indemnify for Yahoo!’s settlement in the email scanning suits. One key question was whether the settlement amount paid as attorneys’ fees to plaintiff’s counsel constituted damages under the policy. The court concluded that they were, based on the fact that the plaintiffs sought attorneys’ fees under a statute and on its finding that Yahoo! would reasonably expect that those fees would qualify as damages.

Yahoo! had also alleged that AIG acted in bad faith in its claims handling because AIG had denied coverage for the first two lawsuits and then ultimately acknowledged such an obligation with respect to the third lawsuit and in so doing had cited exclusions that were not a part of the policy. The court found that issue was one for a jury to decide.

This decision is another example that valuable cyber coverage for defense and indemnification may be available under general liability policies. Of course, whether there is coverage will depend on the particulars of the claim and the insurance policy.

On April 17, 2018, the Ninth Circuit affirmed a district court decision finding that an exclusion barred coverage for a $700,000 loss resulting from a social engineering scheme. Aqua Star (USA) Corp. v. Travelers Cas. & Surety Co. of Am., No. 16-35614 (9th Cir. Apr. 17, 2018). The scheme involved fraudsters who, while posing as employees, directed other employees to change account information for a customer. The employees changed the account information and sent four payments to the fraudsters.

Continue Reading Ninth Circuit Finds Exclusion Bars Coverage For Social Engineering Scheme

In a recent brief filed in the Sixth Circuit, American Tooling Center, Inc. argued that the appellate court should reverse the district court’s decision finding no insurance coverage for $800,000 that American Tooling lost after a fraudster’s email tricked an employee into wiring that amount to the fraudster. As we previously reported here, the district court found the insurance policy did not apply because it concluded that American Tooling did not suffer a “direct loss” that was “directly caused by computer fraud,” as required for coverage under the policy. The district count pointed to “intervening events” like the verification of production milestones, authorization of the transfers, and initiating the transfers without verifying the bank account information and found that those events precluded a “finding of ‘direct’ loss ‘directly caused’ by the use of any computer.”

Continue Reading Policyholder Urges 6th Circuit To Reverse Decision Finding No Coverage For Computer Fraud

A California state court recently rejected an excess insurer’s attempt at an early exit from litigation over whether it owes coverage for cyber liabilities. In that case (previously summarized here), the policyholder, Cottage Health, suffered a data breach resulting in the disclosure of patients’ private medical information. Subject to a reservation of rights, Cottage Health’s primary insurer, Columbia Casualty, paid millions of dollars to help respond to the data breach and to defend and settle a class action lawsuit filed against Cottage Health. Cottage Health’s excess insurer was Lloyd’s.

Continue Reading Excess Insurer Must Stay In Cyber Insurance Case

A recent decision highlights the need for businesses to carefully consider the applicability of insurance coverage across borders. In this case, the owners of an Idaho restaurant traveled to Thailand for business related to the restaurant. While in Thailand, thieves stole uniforms and decorations from the owners, who then submitted an insurance claim. The insurer denied the claim because the policy only covered property within the “coverage territory,” which was limited to the U.S., its territories, and Canada.

Continue Reading Idaho Restaurant Denied Coverage For Loss In Thailand

In prior posts (here and here), we have highlighted some potential coverage concerns for losses arising out of the use of blockchain technology. However, as previously reported, Blockchain technology’s relevance to insurance is not limited to coverage for losses. In fact, earlier this week, the Blockchain Insurance Industry Initiative known as B3i expanded its membership to include heavyweight insurance companies like Chubb, AIG, and Gen Re as well as notable insurance and reinsurance brokers like Marsh, Guy Carpenter, Willis Re, and JLT Re.

Continue Reading Blockchain Insurance Industry Initiative (B3i) Grows

Since our first report last year, Lemonade Insurance, a tech start-up that planned to offer peer-to-peer insurance products, has launched in four states, offering homeowners and renters insurance in New York, California, Illinois, and New Jersey. Lemonade’s cutting-edge use of technology and its alternative business model could prove disruptive to the insurance industry.

Continue Reading Industry May Sour Over Lemonade Insurance’s Sweet Formula