Social Icons

google plusfacebooklinkedintwitterinstagramrss feedemail

Featured Posts

Obstacle Course Race Company Needed an Insurance Lawyer

This case is a cautionary tale about what happens when a race director doesn't have an insurance and contract lawyer look over their documents.

New Bill Increases Penalty for Child Trafficking in Connecticut

More than 130 children have been forced into sexual slavery in Connecticut in the last five years and the Connecticut legislator is doing something about it.

UConn Law Professor Speaks to Congress on Cybersecurity

While many lobby to limit the duty to disclose consumer data breaches, Dr. David Thaw warns against rewarding companies for bad investigations and eroding consumer protection.

Appeal from Second Circuit Striking Down Town Prayer

Congress has been opening with prayer since before the revolution, but in Town of Greece v. Galloway, the practice began in 1999 and may have been intended to favor one religion.

New Connecticut Law Limits Immigrants Turned over to ICE

This controversial new policy means that Connecticut authorities will only honor ICE detention requests for immigrants on terrorist watch lists, felons or those who meet other safety risks.

Law is a Personal Profession

Life has become less personal, but Law remains a personal profession and anyone can put themselves on the short list for a job by skipping email and applying in person.

How to Study in Your Car - Redeeming the Time

Whether you're driving or folding laundry, you can get ahead by listening to the right audiobooks and lectures. This article reviews of the best audio resources and explains how to get them.


Monday, July 23, 2018

The Sixth Circuit Weighs in on the “Direct Loss” Issue for Cyber Fraud Coverage

Published on

Earlier this month, the Second Circuit case broadly interpreted the “direct loss” requirement to find coverage for a cyber fraud, email spoofing scam. Now, the Sixth Circuit Court of Appeals has issued a similar opinion in American Tooling Center, Inc. v. Travelers Casualty & Surety Company, finding coverage for a company that lost $834,000 to a similar scam. These recent decisions may indicate a trend in favor of policyholders on the “direct loss” issue.

The Fraud and Insurance Claim

The plaintiff, American Tooling Center, Inc. (“American Tooling”), a tool and die manufacturer, outsources a number of its manufacturing orders to overseas companies such as YiFeng, an automotive die vendor. Under normal circumstances, American Tooling would submit orders to YiFeng and YiFeng would start production and bill American Tooling in stages. Upon receiving a bill, American Tooling would wire payment. At some point, a fraudster hacked the email of a YiFeng employee and sent several invoices to American Tooling, directing another American Tooling employee to wire payments to a different account. American Tooling discovered the fraud when YiFeng sent the actual invoices, but by then it had already wired $834,000 into the fraudulent accounts.

American Tooling made a claim for the loss under the “Computer Fraud” provision of its Travelers “Wrap+” business insurance policy. Travelers denied the claim, arguing, among other things, that American Tooling did not suffer a “direct loss”; the fraudster’s conduct did not constitute “Computer Fraud”; and that the loss was not “directly caused by Computer Fraud.” The district court agreed with Travelers and granted summary judgment.

The Ruling

The Sixth Circuit reversed, holding that the policy did indeed afford coverage for American Tooling’s loss.

In its decision, the Sixth Circuit first discussed Travelers’ claim that there was no “direct loss.” Just like the court in Medidata, this Court held that American Tooling had suffered an immediate and direct loss. The Sixth Circuit reached the same conclusion as the Second Circuit by equating “proximate cause” with “direct cause” for purposes of Computer Fraud protection. 

The Sixth Circuit also held that the fraudster’s conduct constituted “Computer Fraud”: 

Travelers’ attempt to limit the definition of “Computer Fraud” to hacking and similar behaviors in which a nefarious party somehow gains access to and/or controls the insured’s computer is not well-founded. If Travelers had wished to limit the definition of computer fraud to such criminal behavior it could have done so. Because Travelers did not do so, the third party’s fraudulent scheme in this case constitutes “Computer Fraud” per the Policy’s definition.”

Monday, July 9, 2018

Second Circuit Finds Coverage in Cyber Fraud Case

Published on

On Friday, July 6, 2018, the United States Court of Appeals for the Second Circuit held that a fraudulent email that caused a company to transfer $4.8 Million to the fraudster was a “direct loss” covered by the company’s computer fraud insurance.

By defining “direct cause” as “proximate cause,” the Second Circuit Court of Appeals settled a major ambiguity in computer fraud insurance policies in favor of policyholders. “Direct cause” is one of the most hotly debated issues in crime insurance and courts disagree on its interpretation. Earlier this year, the 9th Circuit found against coverage in a similar situation in Taylor & Lieberman v. Federal Insurance Company, 2017 WL 929211 (9th Cir.). These conflicting decisions could give rise to an appeal to United States Supreme Court.

The Loss

In 2014, an employee of Medidata Solutions Inc., (a cloud-based technology company) received an email purporting to be from the company’s president. As a result of the email, the company eventually wired $4.8 million to an outside bank account. That email turned out to be spoofed, and the bank account belonged to a fraudster.

As the district court explained in the underlying case:
“[S]poofing” is “the practice of disguising a commercial e-mail to make the e-mail appear to come from an address from which it actually did not originate. Spoofing involves placing in the ‘From’ or ‘Reply-to’ lines, or in other portions of e-mail messages, an e-mail address other than the actual sender’s address, without the consent or authorization of the user of the e-mail address whose address is spoofed.
Medidata Sols., Inc. v. Fed. Ins. Co., 268 F. Supp. 3d 471, 477 n.2 (S.D.N.Y. 2017) (quoting Karvaly v. eBay, Inc., 245 F.R.D. 71, 91 n.34 (E.D.N.Y. 2007)).

The Claim
When the fraudster attempted the same scam a second time, Medidata discovered the fraud and tendered the loss under its Federal Executive Protection policy. The Policy contained a “Crime Coverage Section” addressing loss caused by various criminal acts, including Forgery Coverage Insuring, Computer Fraud Coverage, and Funds Transfer Fraud Coverage.

Federal denied coverage for two reasons. First, Federal claimed that no actual hacking or data breach took place “because the emails did not require access to Medidata’s computer system, a manipulation of those computers, or input of fraudulent information.” Medidata Sols., Inc., 268 F. Supp. 3d at 475. Second, Federal claimed Medidata did not sustain a “direct loss” because the spoofed emails directed Medidata’s employees to transfer the funds, and, therefore the fraudster’s computer-action was not the direct cause of the loss, rather Medidata’s action (through its employees) was an intervening cause.

The Ruling

The District Court rejected Federal’s arguments and the Second Circuit agreed.

Friday, May 18, 2018

Surviving a Tornado – How to Navigate Insurance Claims in the Wake of the Recent Connecticut Storm

Published on

Five minutes after I parked my car, a Tree fell on it.

On Tuesday, May 15th I pulled into my driveway, in my small Connecticut neighborhood, under a grey sky. As soon as I walked in the house, the lights flickered. And then suddenly there was a loud “Crack!” and “Crash!” and the sound of breaking glass. I looked out the window and trees were bent 90 degrees, then snapping, and then flying up instead of falling down. And as quickly as it came, it passed.

When I stepped outside, my first thought was that my car has seen better days. My second thought was that my whole neighborhood had seen better days.
Do you think the TV still works?
As I walked down the street surveying the damage, my neighbors started emerging from their homes like survivors in a post-apocalyptic movie. We speculated that it might have been a Tornado and that later proved to be true.
If I'm reading this correctly, it's bad to be in the "red" area.