Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Chubb unit must cover firm’s spoof email loss: Appeals court

Reprints
Chubb unit must cover firm’s spoof email loss: Appeals court

A federal appeals court has upheld a lower court ruling that held a Chubb Ltd. unit is obligated to provide coverage to a cloud-based services firm that lost $4.8 million because of spoof emails.

Thursday’s ruling by the 2nd U.S. Circuit Court of Appeals in New York in Medidata Solutions Inc. v. Federal Insurance Co. involves an email sent to New York-based Medidata, which provides cloud-based services to scientists conducting research in clinical trials.

In June 2014, a Medidata accounts payable employee received the  email, which was purportedly from the company’s president, instructing her to devote her full attention to the demands of “attorney” Michael Meyer, according to court papers.

That email led to the company eventually wiring — and losing — $4.8 million to a bank account provided by “Mr. Meyer.” A second attempted wire transfer was stopped after a Medidata official became suspicious and an investigation ensued, according to the ruling.

Medidata sought coverage for the loss under its “Federal Executive Protection” policy with Federal Insurance Co., a unit of Warren Township, New Jersey-based Chubb Ltd., which provided up to $5 million in coverage, according to the ruling.

Chubb denied coverage, and Medidata filed suit. The District Court granted Medidata’s motion for summary judgment in the case, which was unanimously affirmed by a three-judge appeals court panel in Thursday’s ruling.

“We agree with the district court that the plain and unambiguous language of the policy covers the losses incurred by Medidata here,” said the ruling.

“While Medidata concedes that no hacking occurred, the fraudsters nonetheless crafted a computer-based attack that manipulated Medidata’s email system, which the parties do not dispute constitutes a ‘computer system’ within the meaning of the policy.

“The spoofing code enabled the fraudsters to send messages that inaccurately appeared, in all respects, to come from a high-ranking member of Medidata’s organization.

“Thus the attack represented a fraudulent entry into the computer system, as the spoofing code was introduced into the email system…. Accordingly, Medidata’s losses were covered by the terms of the computer fraud provision.”

In another spoofing case, in November, a federal court ruled that a Travelers Cos. Inc. unit’s crime policy does not cover a computer fraud case because its policyholder has not established the wired payments its supplier had inadvertently sent to an impostor can be considered its owned property under terms of its policy.

 

 

 

 

 

 

 

 

Read Next

  • Chubb unit ordered to pay $24M in D&O dispute

    ATLANTA--A judge has ordered Chubb Corp. unit Executive Risk Indemnity Inc. to pay $24 million to directors and officers liability policyholder AFC Enterprises Inc. over a claim related to AFC's settlement of shareholder litigation.