Court limits Hiscox’s data breach dispute with law firm

Hiscox Ltd. can’t sue a law firm for breach of fiduciary duty in addition to professional negligence in a case stemming from 2017 and 2018 cyberattacks, a federal court ruled.

Other allegations made by Hiscox against Warden Grier LLP, a Kansas City, Missouri-based law firm it contracted with for coverage matters and litigation monitoring, can go to trial, according to a ruling Wednesday by the U.S. District Court for the Western District of Missouri in Kansas City.

According to the ruling in Hiscox Insurance Co. Inc. and Hiscox Syndicates Ltd. v. Warden Grier LLP, hackers obtained personally identifiable information of clients of Hiscox’s corporate policyholders through a cyberattack on the law firm.

A group known as The Dark Overlord first hacked Warden Grier in February 2017 and threatened to publicize its data unless the law firm paid a ransom. Warden Grier paid the ransom but did not notify Hiscox of the breach, the ruling states.

A year later, the hackers made an additional ransom demand and told Hiscox of the breach. Two days later, Hiscox contacted Warden Grier about the breach and the law firm confirmed it had been hacked, court papers say.

Hiscox then hired various experts to help it manage its potential exposures arising from the breach. Costs the insurer incurred included $1.1 million paid to a firm that analyzed the breached data, $276,859 paid to another law firm, $107,456 paid to a public relations consultant and $6,189 paid to a call center.

Hiscox sued Warden Grier alleging a breach of fiduciary duty and duty of care. Warden Grier moved for summary judgment, arguing that Hiscox must demonstrate that it had a legal duty to perform an analysis of individuals who needed to be informed of the breach; that Hiscox failed to demonstrate that the breach proximately caused Hiscox’s damages; and that the insurer’s fiduciary claim should be included in its professional negligence claim.

The court ruled that under Missouri law “Hiscox’s professional negligence claim must subsume its breach of fiduciary duty claim.”

The other motions submitted by Warden Grier, though, were denied, with the court ruling that the case should be decided by a jury.