Spoofing losses not covered under Travelers computer fraud policy: CourtPosted On: Apr. 18, 2018 12:37 PM CST
A Travelers Cos. Inc. unit is not obligated to provide coverage to a seafood company that was the victim of a spoofing email scheme under an exclusion in its computer fraud policy, says a federal appeals court in upholding a lower court ruling.
Seattle-based Aqua Star (USA) Corp. does business with Zhanjiang, China-based Zhanjiang Longwei Aquatic Products Industry Co. Ltd., a vendor from which it purchases frozen shrimp, according to court papers in Aqua Star (USA) Corp., a subsidiary of Admiralty Island Fisheries Inc. v. Travelers Casualty and Surety Company of America.
Longwei’s computer system was hacked in the summer of 2013, according to court papers. The hacker apparently monitored email exchanges between an Aqua Star employee and a Longwei employee before beginning to intercept the email exchanges and sending fraudulent emails using spoofed email domains that appeared similar to the employees’ actual email, for instance by substituting the number 1 for the lower-case i.
The hacker directed the Aqua Star employee in these emails to change the bank account information for Longwei for future wire transfers, and the Aqua Star employee complied, resulting in the company being defrauded of $713,890.
Hartford, Connecticut-based Travelers Casualty denied coverage, and Aqua Star filed suit in U.S. District Court in Seattle, charging breach of contract.
The District Court granted Travelers summary judgment, which was upheld by a unanimous three-judge appeals court panel of the 9th U.S. Circuit Court of Appeals in San Francisco.
An exclusion in the Travelers policy “unambiguously provides that the policy ‘will not apply to loss or damages resulting directly or indirectly from the input of Electronic Data by a natural person having the authority to enter the Insured’s Computer system,’” said the ruling.
“Aqua Star’s losses resulted from employees authorized to enter its computer system changing wiring information and sending four payments to a fraudster’s account.
“These employees ‘ha(d) the authority to enter’ Aqua Star’s system when they ‘input’ Electronic Data on Aqua Star computers, to change the wiring information and authorize the four wires,” the ruling said.
“Their conduct fits squarely within the Exclusion,” said the ruling in affirming the lower court’s ruling dismissing the case.
In November, a federal court ruled that Travelers Casualty and Surety’s crime policy does not cover a computer fraud case because its policyholder has not established that the wired payments its supplier had inadvertently sent to an imposter can be considered its owned property under terms of its policy.