Hunton Insurance Recovery Blog

Retailer Tesco Plc’s banking branch reported earlier this week that £2.5 million (approximately $3 million) had been stolen from 9,000 customer bank accounts over the weekend in what cyber experts said was the first mass hacking of accounts at a western bank. The reported loss is still being investigated by UK authorities but is believed to have occurred through the bank’s online banking system. The loss, which is about half of what Tesco initially estimated, is still substantial and serves as a strong reminder that cyber-related losses are a real threat to retailers and other ...

On November 9, 2016, my colleagues Syed Ahmad, Shawn Regan and Shannon Shaw, published an article in Corporate Counsel discussing a recent decision from New York’s highest court that may impact the exchange of information between policyholders and their insurers. The article addresses the impact of Ambac Assurance v. Countrywide Home Loans, in which the New York Court of Appeals held that an attorney-client communication disclosed to a third party during the period between the signing and closing of a merger will remain privileged only if the communication relates to a common ...

On November 4, Michael Levine and Matthew McLellan provided commentary for Westlaw about the Fifth Circuit’s recent decision in Apache Corp. v. Great American Insurance Co., No. 15-20499, 2016 WL 6090901 (5^th Cir. Oct. 18, 2016), on which Michael Levine had previously written a blog post. In the Westlaw Journal: Computer and Internet, Mike and Matt discussed a frustrating gap in coverage for “computer fraud” that may be found in some crime policies. They encourage policyholders to review their legacy and cyber policies to ensure that complex cyber risks are actually covered ...

On November 4, Michael Levine and Matthew McLellan provided commentary for Westlaw about the Fifth Circuit’s recent decision in Apache Corp. v. Great American Insurance Co., No. 15-20499, 2016 WL 6090901 (5^th Cir. Oct. 18, 2016), on which Michael Levine had previously written a blog post. In the Westlaw Journal: Computer and Internet, Mike and Matt discussed a frustrating gap in coverage for “computer fraud” that may be found in some crime policies. They encourage policyholders to review their legacy and cyber policies to ensure that complex cyber risks are actually covered ...

On October 27, 2016, my colleague, Michael S. Levine, was quoted in Business Insurance concerning the recent decision in Camp’s Grocery Inc. v. State Farm Fire & Casualty Co., which he and I discussed on October 26, 2016 on the Hunton & Williams LLP Insurance Recovery Blog.  In Camp’s, the court refused to find coverage under legacy property and liability policies for third-party liabilities arising from the hacking of a point-of-sale network and the resulting breach of bank card and other data.  Mike's comments on the risk of relying on legacy coverage for cyber protection and the ...

On October 27, 2016, my colleague, Michael S. Levine, was quoted in Business Insurance concerning the recent decision in Camp’s Grocery Inc. v. State Farm Fire & Casualty Co., which he and I discussed on October 26, 2016 on the Hunton & Williams LLP Insurance Recovery Blog.  In Camp’s, the court refused to find coverage under legacy property and liability policies for third-party liabilities arising from the hacking of a point-of-sale network and the resulting breach of bank card and other data.  Mike's comments on the risk of relying on legacy coverage for cyber protection and the ...

On August 15, we wrote a blog post (which can be accessed here) about how the Eleventh Circuit certified to the Florida Supreme Court the issue of whether Florida’s pre-suit process in contractor cases, under Chapter 558 of the Florida Statutes, constitutes a “suit” under CGL policy language, which would trigger the insurer’s duty to defend. On October 25, various construction trade organizations and a nonprofit policyholder advocacy group, United Policyholders, urged the Florida Supreme Court to rule in favor of Altman Contractor Inc.’s (“Altman”) interpretation that a construction defect notice issued under Chapter 558 constitutes a “suit” under CGL policies because such a reading would promote insureds and insurers to resolve disputes with the underlying plaintiff out of court and because CGL policies should be construed broadly to provide coverage for pre-litigation proceedings.

On March 31 and April 15, we wrote blog posts (which can be accessed here and here) about a D.C. federal judge's decision to rescind MetLife's systematically important financial institution (SIFI) status. On October 24, a D.C. Circuit three-judge panel heard oral argument of the appeal of that decision. The federal government advocated to reinstate MetLife's "too big to fail" designation by arguing that regulators were not required to prove the insurance giant was likely to collapse before imposing enhanced federal oversight. Conversely, attorneys for MetLife argued that the Financial Stability Oversight Council (FSOC) acted arbitrarily by not partaking in any threshold analysis of how MetLife would be vulnerable to a financial collapse.

As reported in the Privacy & Information Security Law blog, on October 25, 2016, the Federal Trade Commission released a guide for businesses on how to handle and respond to data breaches (the “Guide”). The 16-page guide details steps businesses should take once they become aware of a potential breach. The guide also underscores the need for cyber-specific insurance to help offset potentially significant response costs.

As reported in the Hunton Retail Law Resource blog, a federal judge in Alabama ruled Tuesday that a grocer could not rely on its legacy business insurance policies – including an "electronic data" coverage extension – to protect against third-party claims after customer data was compromised by a point-of-sale cyberattack. The decision in Camp's Grocery, Inc. v. State Farm Fire and Casualty Company is yet another reminder to policyholders to ensure that their cyber security programs include both adequate cyber security safeguards and appropriate first-party and third-party cyber/crime insurance coverages. Failure to maintain either may jeopardize coverage for resulting cyber losses.