(Article from Insurance Law Alert, September 2017)
For more information, please visit the Insurance Law Alert Resource Center.
As discussed in our July/August 2017 Alert, several courts have recently rejected policyholder attempts to obtain coverage for cyber-related losses under computer fraud and similar policy provisions. Last month, a Michigan federal district court followed suit, finding that a policyholder is not entitled to coverage for losses arising from a wire transfer initiated by a fraudulent email. American Tooling Center, Inc. v. Travelers Cas. & Sur. Co. of Am., 2017 WL 3263356 (E.D. Mich. Aug. 1, 2017).
ATC, a tool and die manufacturer, outsources its work to Shanghai, an overseas manufacturer. Shanghai receives payment after it sends an invoice to ATC and the invoice is verified by ATC. In 2015, ATC received an email purportedly sent by Shanghai (but in actuality sent by a third party using a similar domain), instructing ATC to send payment for several outstanding invoices to a new bank account. In response, ATC wired approximately $800,000 to the account without verifying the new instructions with Shanghai. ATC sought coverage for the loss from Travelers, which denied the claim. In ensuing litigation, a Michigan court ruled that the policy does not cover the losses.
Travelers’ policy covers the “direct loss of, or direct loss from damage to, Money, Securities and Other Property directly caused by Computer Fraud.” Computer Fraud is defined as “the use of any computer to fraudulently cause a transfer” of money or other property to a third party. The court held that ATC did not suffer a “direct loss” that was “directly caused” by “the use of any computer.” The court reasoned that the loss was not “directly caused” by the fraudulent email because there were intervening events between receipt of the email and the transfer of funds. In particular, the court noted that ATC verified certain product milestones and authorized the wire transfer but failed to verify the new bank information. The court concluded that these intervening events preclude a finding of “direct” loss “directly caused” by the use of a computer.
Notably, a New York federal district court, faced with a similar factual record, recently concluded that claims arising out of losses caused by a fraudulent wire transfer were covered by “computer fraud” and “funds transfer fraud” provisions. See Medidata Solutions, Inc. v. Federal Ins. Co., 2017 WL 3268529 (S.D.N.Y. July 21, 2017) (discussed in our July/August 2017 Alert).