Discovery of 13-Year Hacking Scheme Highlights Questions About Cyber Insurance Coverage
Time 2 Minute Read
Categories: Cyber Insurance, Cybersecurity, Information Security, Security Breach

Hunton & Williams Insurance Litigation & Counseling partner Lon Berk reports:

An Israeli security firm recently uncovered a hacking operation that had been active for more than a decade. Over that period, hackers breached government servers, banks and corporations in Germany, Switzerland and Austria by using over 800 phony front companies (which all had the same IP address) to deliver unique malware to victims’ systems. The hackers purchased digital security certificates for each phony company to make the sites appear legitimate to visitors. Data reportedly stolen included studies on biological warfare and nuclear physics, plans for key infrastructure, and bank account and credit card data.

The attack highlights concerns, not only about cybersecurity, but also about the extent to which such breaches are covered by specialty cyber insurance policies. These policies typically are written on a claims-made basis; that is, a policy responds to a claim made during its policy period. However, the policies also restrict coverage to events occurring on or after a “retroactive date.” Given that these types of breaches sometimes result from events stretching over years, even decades, and a breach may not be discovered for years, the retroactive date may limit the available coverage. If coverage for a loss related to a data breach is blocked by a cyber policy’s retroactive date, it may be necessary to look to standard general liability policies for coverage.

Tags: Austria, Germany, Hacker, Switzerland
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
CJEU Rules on Excessive Requests

On January 9, 2025, the Court of Justice of the European Union issued its judgment in the case Österreichische Datenschutzbehörde.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
NYDFS Urges Companies to Exercise Caution Due to Threats Posed by Remote Workers with Ties to North Korea

The New York Department of Financial Services (“NYDFS”) recently cautioned regulated entities to be aware of individuals applying for remote technology-related positions due to an increase in reported threats from North Korea. Threat actors have repeatedly attempted to access company systems and illegally generate revenue for North Korea under the guise of seeking remote Information Technology jobs at U.S. companies.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
CJEU Rules that Principle of Minimization Limits the Personal Data that Can Be Used for Targeted Advertising

On October 4, 2024, the Court of Justice of the European Union issued its judgment in case C‑446/21 to assess whether the GDPR imposes limits to Meta Platforms Ireland’s use of personal data collected outside of the Facebook social network for advertising purposes.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
FTC Announces Proposed Settlement with Security Camera Firm Over Alleged Data Security Failures and CAN-SPAM Violations

On August 30, 2024, the Federal Trade Commission announced a proposed settlement with Verkada, a security camera firm, in connection with alleged data security failures and CAN-SPAM Act violations. Under the proposed order, Verkada will be required to implement a comprehensive information security program and pay a $2.95 million monetary penalty.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page