“Authorized Entry” Exclusion Precluded Coverage for Hacking Loss

By Robert Tugander, Esq. of Rivkin Radler LLP A federal district court in Washington has ruled that an insured company was not entitled to coverage for losses caused when a hacker directed one of the insuredaEUR(TM)s employees to change a vendoraEUR(TM)s bank account information on its computer system. The Case Aqua Star (USA) Corp., a seafood importer, purchased frozen shrimp from Zhanjiang Longwei Aquatic Products Industry Co. Ltd. A hacker allegedly hacked into LongweiaEUR(TM)s computer system and sent fraudulent emails to an Aqua Star employee that directed the Aqua Star employee to change the bank account information for Longwei for future wire transfers. The Aqua Star employee made the changes as directed and ultimately the company was defrauded of $713,890 by the hacker. Aqua Star sought coverage of its loss from its insurer under a policy covering computer fraud. The carrier denied the claim, stating that the loss was not directly caused by computer fraud. Aqua Star sued, and the parties moved for summary judgment. The District CourtaEUR(TM)s Decision The district court granted the insureraEUR(TM)s motion for summary judgment. In its decision, the district court explained that the policy excluded coverage for a loss that resulted from the input of electronic data into the Aqua Star computer system by a person authorized to access the system. Here, it continued, the Aqua Star employee who changed the bank account information for Longwei had the authority to enter Aqua StaraEUR(TM)s system. Therefore, the district court concluded, the exclusion applied and Aqua StaraEUR(TM)s loss was not covered by the policy. The case is Aqua Star (USA) Corp. v. Travelers Casualty and Surety Co. of America, No. C14-1368RSL (W.D. Wash. July 8, 2016). Rivkin Comment A similar result was reached in Pestmaster Services, Inc. v. Travelers Casualty and Surety Co. of America, No. 14-56294 (9th Cir. July 29, 2016). In this case, the U.S. Court of Appeals for the Ninth Circuit affirmed a district courtaEUR(TM)s decision that a crime policyaEUR(TM)s funds transfer provision did not cover authorized electronic transactions even if they were, or might have been, associated with a fraudulent scheme. The circuit court also found that the policyaEUR(TM)s computer fraud provision did not afford coverage for the transfer. A transfer pursuant to aEURoeauthorizationaEUR? from the insured aEURoewas not fraudulently caused,aEUR? the Ninth Circuit concluded. For additional information, contact Robert at robert.tugander@rivkin.com or (516) 357-3335

Meet The Experts

    Enter name of Insurance Company and press GO button.