AIG leads Capital One’s cyber liability coverage: SourcesPosted On: Aug. 5, 2019 2:52 PM CST
American International Group Inc. leads Capital One Financial Corp.’s cyber liability coverage, with about a dozen insurers providing excess coverage for the bank, which announced last week that it had suffered a major data breach, according to market sources.
McLean, Virginia-based Capital One said in a statement last week it has $400 million in cyber insurance coverage limits, subject to a $10 million deductible in connection with the data breach, which affected about 106 million people in the United States and Canada, but did not disclose the insurers.
In addition to the AIG primary layer, the first excess layers in the coverage are provided by a unit of Axis Capital Holdings Ltd., a unit of Chubb Ltd. and Endurance, a unit of Sompo International Holdings Ltd., according to a source with knowledge of the placement. There are up to a dozen other insurers providing higher layers in the coverage, some in more than one layer, according to the source.
Representatives for the insurers, either had no comment or could not immediately be reached. Capital One did not respond to requests for comment.
Meanwhile, Capital One and affiliates face allegation of negligence among other things in at least three putative class action lawsuits that have been filed in U.S. District Courts for the District of Columbia, in Alexandria, Virginia, and in Oakland, California.
In the most recent of the cases, Aimee Aballo and Seth Zielicke v. Capital One Financial Corp. et al., which was filed last Thursday, GitHub Inc., a unit of Microsoft Corp., is also named as a defendant.
According to this complaint, the hacked data was available on San Francisco-based GitHub’s website for three months, where it had been placed by the hacker, but GitHub neither removed the information, nor informed any victims. Capital One learned of the hack from a GitHub user, according to the litigation.
GitHub, which provides software development hosting services, said in a statement it “promptly investigates content” once it is reported and it removes anything that violates its terms of service.
“The file posted on GitHub in this incident did not contain any Social Security numbers, bank account information, or any other reportedly stolen personal information.
“We received a request from Capital One to remove content containing information about the methods used to steal the data, which we took down promptly after receiving their request,” the company said.