Chubb wins phishing attack ruling: Appeals court

A federal appeals court on Tuesday affirmed a lower court ruling in Chubb Ltd.’s favor in a case involving a phishing attack.

Palm Harbor, Florida-based Star Title Partners of Palm Harbor LLC, a settlement agent hired to close a residential real estate transaction, had a cyber protection policy with Chubb unit Illinois Union Insurance Co., according to the ruling by the 11th U.S. Circuit Court of Appeals in Atlanta in Star Title Partners of Palm Harbor LLC v. Illinois Union Insurance Co.

The home’s seller identified Lubbock, Texas-based Capital Mortgage Services of Texas as his lender and lienholder. A Star Title employee received a fraudulent email from someone who was purportedly a CMS payoff representative. She did not suspect fraud and sent a payment, which was not specified in the ruling, to the email sender.

Star Title did not have a policy in place to call the lender directly to verify the wire transfer information, the ruling said.

Star Title submitted a claim to Illinois Union under its coverage’s cybercrime endorsement, which included a deceptive transfer fraud insuring clause, the ruling said.

Chubb denied coverage on the basis CMS was not a Star Title employee, customer client or vendor as required for coverage under its policy, and because it has failed to verify the transfer request according to its procedures.

Star Title filed suit in U.S. District Court in Tampa, Florida, which ruled in Chubb’s favor. A unanimous three-judge appeals court panel affirmed the lower court.

Under the “plain meaning” of the policy terms identifying who is covered, “we agree with the district court that Star Title has failed to show that it is entitled to coverage under its insurance policy,” the ruling said, in affirming the lower court.

Attorneys in the case did not respond to requests for comment.

Last month, a federal district court ruled that a Travelers Cos. Inc. unit correctly paid a phishing claim under its crime policy’s social engineering fraud coverage and refused to pay under the policy’s computer fraud coverage, which offered much higher limits.