Less than a year ago, I blogged about an important court decision in favor of policyholders in the burgeoning area of cyber insurance coverage. In Medidata Solutions, Inc. v. Federal Insurance Company, a New York federal judge granted summary judgment to the plaintiff, awarding it insurance coverage for its multi-million-dollar loss involving an email spoof. The fraudsters had accessed Medidata’s computer system, posed as an executive in emails, and directed employee executives to wire transfer more than $5 million to the fraudsters’ account.
The insurance company appealed. The United States Court of Appeals for the Second Circuit agreed with the trial court judge and ruled that the email spoof was covered by the terms of the computer fraud provision contained in the insurance policy. See Medidata Solutions Inc. v. Federal Insurance Company.
In this case, the email spoof caused Medidata executives to transfer more than $5 million in funds that they would never have transferred but for the spoof. The insurance company argued that the direct loss here was caused by authorized Medidata executives transferring the funds, not the email spoof itself. Although true, the Court stated:
“The chain of events was initiated by the spoofed emails, and unfolded rapidly following their receipt. While it is true that the Medidata employees themselves had to take action to effectuate the transfer, we do not see their actions as sufficient to sever the causal relationship between the spoofing attacks and the losses incurred. The employees were acting, they believed, at the behest of a high-ranking member of Medidata.”
Consequently, the Court rejected the insurance company’s argument that Medidata did not sustain a direct loss as a result of the spoofing attack within the meaning of the policy. New York courts have determined that the term “direct loss” refers to a legal concept called proximate cause. Proximate cause in this context is where a chain of events is created by an act that ultimately results in a loss.
Focusing only on the computer fraud provision contained in the insurance policy, the Court described the conduct of the perpetrators as a computer-based attack on Medidata’s computer system. The court also stated that, “[T]he attack also made a change to a data element, as the email system’s appearance was altered by the spoofing code to misleadingly indicate the sender.“
This decision greatly expands the coverage available to policyholders who have purchased cyber insurance coverage and are victimized by the rampant scammers who are roaming in cyberspace.
We as a society are not prepared to deal with catastrophic illness, and although I was smart enough to have taken out a Long-term Disability policy in my thirties, the
Desperate and devastated with everything to lose, I put my life in the hands of Evan and Michail on faith. In my heart I always believed they would deliver, and
During the most trying part of my life, Schwartz Law’s attorneys were fighting for my life. I was physically just barely up on my own two feet, with a diagnosis
A company made an error in how they sold me my long-term disability insurance policy and they offered me a lump sum settlement. I did not fully understand the offer
My claim was denied by my insurance company. My medical condition wasn’t understood by my physicians. My first attorney gave me terrible advice. My family faced financial ruin without the
The Chanin Building, 122 East 42nd Street, Suite 725, New York, New York 10168
Toll Free: (800) 745-1755
Phone: (212) 608-5445
666 Old Country Road, Ninth Floor, Garden City, New York 11530
Toll Free: (800) 745-1755
Phone: (516) 745-1122
Fax: (516) 745-0844