Hunton Insurance Recovery Blog

A federal court recently denied an insurer’s motion to dismiss an insured’s claim for declaratory relief. The insurer argued that the policyholder’s declaratory judgment claim was redundant of its breach of contract claim. The Court ruled that “redundancy is not grounds for dismissal under Rule 12(b)(6).”

A federal court recently found that a policyholder adequately plead that a loss of hundreds of thousands of dollars through wire fraud is covered under a commercial crime policy. In Landings, Yacht, Golf, and Tennis Club v. Travelers Casualty and Surety Company of America Case No. 2:22-cv-00459, Landings Yacht, Golf, and Tennis Club (“Landings”) sued Travelers Casualty and Surety Company of America (“Travelers”) under a crime policy for denying coverage for: (1) about $6,885.79 in unauthorized withdrawals (“First Withdrawal”) from users purporting to be Landings and (2) $575,723.95 in withdrawals made by a third-party purporting to act on behalf of Landings (“Second Withdrawal”).^[1]

As businesses continue to increase their reliance on technology, they are bound to face the inevitable risks associated with online transactions and other cyber exposures. This, in turn, emphasizes the importance of having the proper insurance policies and compliance methods in place to prevent or, at least, mitigate losses that ensue from these risks. In this context, many insurance policies require that there be a “direct” loss for there to be coverage, which has spawned numerous lawsuits about what the word “direct” means. The latest court to weigh in has sided with the insured and interpreted that term broadly to essentially mean proximate causation.

Recently, the Ninth Circuit dealt with a case involving a scenario that is becoming all too common. In Ernst & Haas Mgmt. Co., Inc. v. Hiscox, Inc., 23 F.4th 1195 (9th Cir. 2022), a property management company’s accounts payable clerk received several e-mails from her supervisor instructing her to pay some invoices. Unbeknownst to the clerk, these e-mails did not originate with her supervisor, but were actually part of a fraudulent scheme to elicit fraudulent bank transfers. The clerk paid off hundreds of thousands of dollars in “invoices” before becoming suspicious but, by then, it was too late and the damage was done.

Following a bench trial, the United States District Court for the Eastern District of Virginia found in The Cincinnati Insurance Co. v. The Norfolk Truck Center that a commercial truck dealer’s social engineering loss arose directly from a computer, thereby triggering the dealer’s computer fraud coverage, notwithstanding that the scheme involved numerous non-computer acts in the causal chain of events.  A copy of the decision may be found here.

Phishing has been around for decades.  But now, the long-lost ancestor claiming to be a foreign prince is stealing more than your grandmother’s savings.  Phishers are targeting corporations—small and big, private and public—stealing sensitive data and money.  When Policyholders take the bait, they had better have a tailored insurance policy to keep their insurers on the hook as well.

The Hunton Andrews Kurth insurance recovery team secured a victory for firm client, The Children’s Place (“TCP”), obtaining a ruling from a New Jersey federal court in The Children’s Place, Inc. v. Great Am. Ins. Co., 2019 WL 1857118 (D.N.J. Apr. 25, 2019), in which the court allowed TCP to seek insurance coverage for a “social engineering scheme” that defrauded the company of $967,714.29.

In a recent post, we discussed the Sixth Circuit’s holding in American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), where the Sixth Circuit reversed the district court’s summary judgment for the insurer, finding coverage under its policy for a fraudulent scheme that resulted in a $834,000.00 loss. The insurer, Travelers, has now asked the Court to reconsider its decision.

The Sixth Circuit, in American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), reversed the District Court’s grant of summary judgment in favor of the insurer in a dispute over coverage for a social engineering scheme. The policyholder, American Tooling, lost $800,000 after a fraudster’s email tricked an American Tooling employee into wiring that amount to the fraudster.

On May 10, 2018, the Eleventh Circuit Court of Appeals affirmed a Northern District of Georgia decision barring coverage for a loss claimed to arise under a “Computer Fraud” policy issued by Great American Insurance Company to Interactive Communications International, Inc. and HI Technology Corp. Interactive Commc’ns Int’l, Inc. v. Great Am. Ins. Co., No. 17-11712, 2018 WL 2149769 (11th Cir. May 10, 2018).  InComm sells “chits,” each of which has a specific monetary value to consumers who can redeem them by transferring that value to their debit card.  To redeem a chit, a consumer dials a specific 1-800 number and goes through a computerized interactive voice system.  InComm lost $11.4 million when fraudsters manipulated a glitch in the system by placing multiple calls at the same time.  This allowed consumers to redeem chits more than once.  InComm sought coverage for these losses under its “Computer Fraud” policy.

In a recent brief filed in the Sixth Circuit, American Tooling Center, Inc. argued that the appellate court should reverse the district court’s decision finding no insurance coverage for $800,000 that American Tooling lost after a fraudster’s email tricked an employee into wiring that amount to the fraudster. As we previously reported here, the district court found the insurance policy did not apply because it concluded that American Tooling did not suffer a “direct loss” that was “directly caused by computer fraud,” as required for coverage under the policy. The district count pointed to “intervening events” like the verification of production milestones, authorization of the transfers, and initiating the transfers without verifying the bank account information and found that those events precluded a “finding of ‘direct’ loss ‘directly caused’ by the use of any computer.”

Highlighting the continued problems faced by policyholders in obtaining coverage for "computer fraud," a Michigan district court recently held that a manufacturer could not recover $800,000 in funds lost after an employee mistakenly wired payment for legitimate vendor invoices into a fraudster's bank account after receiving a spoofed e-mail requesting payment. In American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America, No. 16-12108 (E.D. Mich. Aug. 1, 2017), the district court applied state law favoring a narrow interpretation of the crime policy's computer fraud provision to hold that the policyholder had not suffered a "direct" loss that was "directly caused" by the use of any computer.

On November 4, Michael Levine and Matthew McLellan provided commentary for Westlaw about the Fifth Circuit’s recent decision in Apache Corp. v. Great American Insurance Co., No. 15-20499, 2016 WL 6090901 (5^th Cir. Oct. 18, 2016), on which Michael Levine had previously written a blog post. In the Westlaw Journal: Computer and Internet, Mike and Matt discussed a frustrating gap in coverage for “computer fraud” that may be found in some crime policies. They encourage policyholders to review their legacy and cyber policies to ensure that complex cyber risks are actually covered ...

In a seemingly illogical decision, the Fifth Circuit Court of Appeals ruled in Apache Corp. v. Great American Ins. Co., No 15-20499 (5th Cir. Oct. 18, 2016), that loss resulting from a fraudulent e-mail did not trigger coverage under a crime policy's "computer fraud" coverage because the loss was not the "direct result" of computer use.