Year in Review: Top Insurance Cases of 2018
by Syed Ahmad, Lawrence Bracken, John Eichman, Sergio Oehninger, Walter Andrews, Lorelie Masters, Latosha Ellis
Published: January, 2019
Submission: January, 2019
2018 was a banner year for decisions addressing losses resulting from social engineering phishing, spoofing and other schemes of trickery and deception.
- 2nd Cir. Affirms Medidata’s Spoofing Loss is Covered Under Crime Policy’s Computer Fraud Provision. Medidata Solutions, Inc. v. Federal Ins. Co., 17-cv-2492 (2d Cir. July 6, 2018).
In one of the most closely watched social engineering cases—we blogged about the early stages of this case in 2016 and 2017—the Second Circuit Court affirmed a district court’s summary judgment award in favor of Medidata Solutions, Inc., finding that the $4.8 million loss Medidata suffered after it was tricked into wiring funds to a fraudulent overseas account triggered coverage under a commercial crime policy’s computer fraud provision. The appellate court found that the entry of data into the computer system squarely satisfied the computer fraud provision, which affords coverage for loss stemming from any “entry of Data into” or “change to Data elements or program logic of” a computer system. The Second Circuit rejected the insurer’s argument that Medidata’s loss did not actually result directly from the spoofing attack, finding the actions of Medidata’s employees “[in]sufficient to sever the casual relationship between the spoofing attack and the losses incurred.” The Second Circuit declined Federal’s request for reconsideration.
- Second Major Policyholder Win For Social Engineering Schemes. American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018).
On the heels of the Second Circuit’s decision in Medidata, the Sixth Circuit reversed the district court’s grant of summary judgment in favor of the insurer in a dispute where American Tooling lost $800,000 after a fraudster’s email tricked an American Tooling employee into wiring that amount to the fraudster. In rejecting the district court’s finding that coverage under the insurance policy for computer fraud did not apply because the loss was not “directly caused” by computer fraud, the Sixth Circuit found that the loss was an immediate and proximate result of the fraud because American Tooling immediately sustained harm the moment it transferred the money as a result of the fraudulent email. Notably, the Sixth Circuit rejected Travelers’s request for reconsideration of the ruling.
The Medidata and American Tooling cases continue to mark the breadth of coverage available to policyholders under commercial crime policies for social engineering and other computer-related fraudinduced losses. The decisions also help overcome the false distinction that insurers have tried to maintain between a computer hack-type event and a social engineering intrusion, both of which necessarily entail accessing the target’s computer systems or data and manipulating those systems in a fraudulent manner.
To continue reading the full article please click HERE.
- Recent Increase in IRS Enforcement of ACA Reporting Penalties
- Insurers Beware: California’s Notice-Prejudice Rule Is a “Fundamental Public Policy”
- Employers May Offer Two New Types of Health Reimbursement Arrangements in 2020
- Beware: Violations Of State Safety Requirements Bring Penalties For Both State Fund and Self-Insured Employers
WSG Member: Please login to add your comment.