Highlighting the continued problems faced by policyholders in obtaining coverage for “computer fraud,” a Michigan district court recently held that a manufacturer could not recover $800,000 in funds lost after an employee mistakenly wired payment for legitimate vendor invoices into a fraudster’s bank account after receiving a spoofed e-mail requesting payment. In American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America, No. 16-12108 (E.D. Mich. Aug. 1, 2017), the district court applied state law favoring a narrow interpretation of the crime policy’s computer fraud provision to hold that the policyholder had not suffered a “direct” loss that was “directly caused” by the use of any computer.
Continue Reading District Court Holds Narrow Computer Fraud Provision, Restrictive State Law, Means No “Direct Loss” Arising From Fraudulent E-mail Scheme

Hunton & Williams insurance practice head Walter Andrews commented in a July 25, 2017, Law360 article concerning a New York federal court’s recent decision in Medidata Solutions, Inc. v. Federal Ins. Co., where the court found coverage for a $4.8 million “social engineering” loss that occurred after Medidata received fraudulent emails that caused accounting

A federal judge in New York awarded summary judgment on Friday in favor of Medidata Solutions, Inc., finding that Medidata’s $4.8 million loss suffered after Medidata was tricked into wiring funds to a fraudulent overseas account, triggered coverage under a commercial crime policy’s computer fraud provision and funds transfer fraud provision. The award comes after District Judge Andrew L. Carter, Jr., ruled in March 2016 that additional expert discovery was needed concerning the manner in which the fraudsters manipulated Medidata’s computer systems.

The lawsuit, discussed in an August 18, 2016, Hunton & Williams blog post, arose after employees in Medidata’s finance department were deceived into transferring $4.8 million to a Chinese bank account based on emails that falsely appeared to come from a Medidata executive. Federal Insurance Company, a unit of Chubb Corp., insured Medidata under a policy providing coverage for, among other things, computer fraud, forgery and funds transfer fraud. Federal argued that Medidata’s claim was not covered because, among other things, there was no manipulation of Medidata’s computers and Medidata “voluntarily” transferred the funds.Continue Reading Chubb Owes $4.8M for Medidata Social Engineering Loss

Beginning last Friday, and still occurring today, one of the worst and most widespread malware attacks has impacted more than 200,000 victims in at least 150 countries, including Britain’s National Health Service, FedEx, telecommunications companies Telefonica and Megafon, and automakers Renault and Nissan. The malware, known as “WannaCry,” disables the user’s computer system and all of its data. A note in a text file then appears stating that in order to unlock the computer, $300 worth of the digital currency bitcoin must be paid to the hackers. A countdown timer appears and the fee increases with time. The hackers threaten to delete all data on the computer system if payment is not sent within one week. Cybersecurity experts believe that the malware was sent to computers through “phishing attacks,” which are emails that appear to be from reputable sources and include a download to a link that allows the malware to infect the computer. From these computers, the malware then spread to other computers on the network. One infected computer can spread this virus network-wide, and quickly.
Continue Reading If You Don’t “WannaCry” After A Cyber Attack, Review Your Cyber Insurance Coverage

Cyber and crime insurance policies have been heavily recommended to address the growing prevalence and types of cyber risks.  Walter Andrews and Jennifer White recently authored an article appearing in Risk Management discussing how the purchase of cyber and crime insurance policies alone is not enough to successfully manage these risks. These policies must be