Travelers sues P.F. Chang's to avoid paying breach costs
Posted On: Oct. 13, 2014 12:00 AM CST
A Travelers Cos. unit has filed suit against restaurant chain P.F. Chang's China Bistro Inc. seeking a judicial declaration that it is not obligated under its commercial general liability policies to provide indemnity coverage or defense costs in connection with a data breach announced earlier this year.
Travelers says in a lawsuit filed in federal District Court in Hartford, Connecticut, Oct. 2 that it is not obligated to provide coverage to the Scottsdale, Arizona-based chain under the one-year CGL polices it issued in January 2013 and January 2014. It states the chain has separate cyber coverage with an unidentified insurer. The chain is owned by New York-based Centerbridge Partners L.P., a private equity firm.
According to litigation filed against the restaurant chain, a breach occurred that involved seven million customer credit and debit cards began on Sept. 18, 2013, although P.F. Chang's was not notified of it until June 10, 2014. One lawsuit has been filed in Washington and two in Illinois, according to the Travelers litigation, The Travelers Indemnity Company of Connecticut vs. P.F. Chang's China Bistro Inc.
The litigation against the restaurant chain, which was filed in June and July and seeks class action status, accuses P.F. Chang's of failure to prevent the breach, and states it could have been prevented. Charges against the chain include breach of implied contract.
Travelers states in its lawsuit that its policies contain a “liability self-funded retentions endorsement” that provides for a self-funded retention of $250,000 applicable to each CGL incident. It states that even if there is coverage under the policies, “which Travelers expressly denies,” it does not have a defense obligation because the chain has not exhausted the policies' self insured retention.
Spokesmen for both Travelers and P.F. Chang's had no comment.
Underwriters are requesting more in-depth information from retailers before agreeing to underwrite cyber risks in light of the recent massive data breaches at The Home Depot Inc. and Target Corp.