Phishing attacks are on the rise, and they are targeting Microsoft’s flagship cloud-based products. According to a report by specialist data breach insurer Beazley, hackers have increased attempted and successful attacks on Microsoft Office 365, especially systems used by financial, health care, and professional services organizations. These attacks are deceptively simple, relying on employees and contractors falling for fake, yet well disguised, Microsoft communications, like a HelpDesk message or a survey. Once employees or contractors interact with these communications, they are prompted to enter personal information, which allows the hackers access to confidential information. This information allows the intruders to steal customer data, initiate bank transfers, and gain access to additional employees’ accounts. Microsoft 365’s default settings compound the dangers of these attacks because they decrease the ability to track how many accounts are compromised.
Darshan Karboj described a grisly scene during an October 2016 wedding. She alleges that, during the festivities, a photography drone operated by wedding photographers of Hollycal Production Inc. hit her in the head, causing major injuries, including the loss of an eye. Even though it had some insurance, Hollycal might be on the hook for the bills from this unfortunate incident.
On May 10, 2018, the Eleventh Circuit Court of Appeals affirmed a Northern District of Georgia decision barring coverage for a loss claimed to arise under a “Computer Fraud” policy issued by Great American Insurance Company to Interactive Communications International, Inc. and HI Technology Corp. Interactive Commc’ns Int’l, Inc. v. Great Am. Ins. Co., No. 17-11712, 2018 WL 2149769 (11th Cir. May 10, 2018). InComm sells “chits,” each of which has a specific monetary value to consumers who can redeem them by transferring that value to their debit card. To redeem a chit, a consumer dials a specific 1-800 number and goes through a computerized interactive voice system. InComm lost $11.4 million when fraudsters manipulated a glitch in the system by placing multiple calls at the same time. This allowed consumers to redeem chits more than once. InComm sought coverage for these losses under its “Computer Fraud” policy.
The California Court of Appeal has affirmed that Lloyd’s of London and other insurers cannot escape coverage for $132.5 million in settlements arising from the 2008 Chatsworth train crash, in which 25 individuals were killed and more than 130 injured. In Those Certain Underwriters at Lloyd’s, London v. Connex Railroad LLC, No. B276373, 2018 WL 1871278 (Cal. App. 2d Dist. Apr. 19, 2018), the Second District Court of Appeal affirmed the Los Angeles Superior Court’s ruling, discussed in our November 9, 2015 blog post, that the insurers were obligated to indemnify Connex Railroad for the settlements.
Drug-maker Pfizer and one of its excess insurers, North River, are in the middle of a contentious dispute regarding the proper forum for their coverage dispute over directors and officers liability insurance following both parties’ race to the courthouse to file competing lawsuits in 2015. Pfizer argues that its own preferred forum of Delaware (where Pfizer is incorporated) is correct, while North River counters that New York (where Pfizer’s headquarters and its broker are located) is the proper forum. The dispute, which involves competing motions in Delaware and New York courts, highlights the importance of both the timing and location of forum selection in litigating insurance coverage disputes.
The Federal Financial Institutions Examination Council (“FFIEC”), a U.S. governmental body comprised of banking regulators, recently issued guidance to financial institutions directing them to consider implementing dedicated cyber insurance programs to offset financial losses resulting from cyber incidents. Financial institutions face a number of potentially crippling risks arising from cyber incidents, including financial, operational, legal, compliance, strategic, and reputational risks resulting from fraud, data loss, or disruption of service. While cyber insurance can mitigate these risks, it is not required by financial regulators, and thus many financial institutions may not have obtained such insurance specifically designed to cover their cyber risks. Nonetheless, the FFIEC now is urging financial institutions to include dedicated cyber insurance as part of a multi-faceted cyber risk management strategy and not to rely solely on traditional insurance. In addition, the FFIEC is recommending that financial institutions have their outside advisors review their potential cyber insurance coverage to ensure that it will cover the relevant risks.
Hunton Andrews Kurth LLP insurance recovery partners, Lorelie Masters and Lawrence J. Bracken II, received rankings in the 2018 Chambers and Partners USA attorney rankings. Lorie received “Band 1” recognition in the Policyholder Insurance category for the District of Columbia and a “Band 2” recognition in the Dispute Resolution: Policyholder Insurance category for the Nationwide regions, while Larry received “Band 4” recognition in the General Commercial Litigation category among Georgia attorneys. Both designations are the product of the outstanding results Lorie and Larry have achieved in their respective fields, and are indicative of the level of expertise both bring to the insurance recovery practice at Hunton Andrews Kurth, LLP.
May 25, 2018 should be a day circled on many company calendars. On that day, the European Union’s long-awaited Global Data Protection Regulation (“GDPR”) will go into effect. It is crucial for U.S. companies to prepare for the GDPR, as they, too, will be required to comply with a new set of data privacy rules if they are handling data from EU-based customers, suppliers, or affiliates. As long as you collect personal or behavioral data from someone in the EU, you must comply with the GDPR.
On April 13, 2018, the Superior Court of New Jersey, Appellate Division, affirmed a trial court decision finding that a bill of sale intended to include the transfer of insurance rights and finding that such transfer did not violate an anti-assignment clause. Cooper Industries, LLC, Plaintiff-Respondent, v. Columbia Casualty Company And One Beacon America Insurance Company, Defendants-Appellants, and Employers Insurance Of Wausau, Allstate Insurance Company, Lexington Insurance Company And Westchester Fire Insurance Company, 2018 WL 1770260,(N.J. Super. A.D., 2018). In May 1986, Cooper Industries merged several entities and transferred assets to a “new” McGraw-Edison Company through a bill of sale. Eighteen years later, on November 30, 2004, Cooper Industries merged the new McGraw-Edison company into itself. In 2009, the Environmental Protection Agency determined that Cooper Industries was responsible for generating and disposing of hazardous substances due to McGraw-Edison’s actions taken years earlier. Cooper Industries sought coverage under the commercial general liability policies McGraw-Edison had in place at the time of the environmental and pollution-related occurrences.
On April 20, 2018, the Eleventh Circuit affirmed an Alabama district court decision finding that an “absolute pollution exclusion” did not bar coverage for environmental property damage and injuries from a sewage leak. Evanston Ins. Co. v. J&J Cable Constr., LLC, No. 17-11188, 2018 WL 1887459, (11th Cir. Apr. 20, 2018).