August 13, 2022

Volume XII, Number 225

Advertisement
Advertisement

August 12, 2022

Subscribe to Latest Legal News and Analysis

August 11, 2022

Subscribe to Latest Legal News and Analysis

August 10, 2022

Subscribe to Latest Legal News and Analysis

Checked your insurance policies lately?

In a ruling that might provide a new path to data breach insurance coverage, DSW Shoe Warehouse, Inc. has prevailed in its attempt to obtain insurance coverage for losses associated with a data breach under a commercial crime policy.

The Sixth Circuit Court Appeals, in Retail Ventures, Inc. et al. v. National Union Fire Ins. Co.,  ruled last week that DSW was entitled to more than $6.8 million in losses and prejudgment interest under a commercial crime policy in connection with a computer hacking scheme.   The loss occurred between February 1 and February 14, 2005 when hackers used the local wireless network at a DSW store to obtain access to DSW’s main computer system and download credit card and checking account information to more than $1.4 million customers in 108 stores.   Upon learning of the breach, DSW commenced its own investigation and also notified its insurer of the claim.  DSW sought coverage for expenses incurred relating to customer communications, public relations, customer claims and lawsuits and investigations by various state and federal regulatory authorities.  Over $4 million in losses – the single largest share of the loss arising from the data breach – arose from the costs associated with charge backs, reissuance of credit cards, creditor monitoring and finds imposed by the credit card companies.    The breach also resulted in an FTC investigation, resulting in a settlement and consent order for DSW, alleging tthat the breach was a result of the retailer’s failure to protect sensitive consumer data.

The insurer, National Union Fire Insurance Company of Pittsburgh, PA, denied DSW’s claim for coverage under the Blanket Crime Policy.   The insurer argued, among other things, that the policy was a fidelity bond and, as such, only provided first party coverage.  In other words, the insurer argued that the policy was never intended to provide liability coverage to DSW; rather, coverage was limited to employee dishonesty situations.   Upholding the lower court, the Sixth Circuit held that the phase “fidelity bond” did not appear in the policy and, in any event, coverage does not turn on the label given to a policy but rather the language used in that policy.   The Sixth Circuit also rejected the insurer’s argument that the insuring clause, which provided that the insurer would pay for loss “resulting directly from” any theft of the insured property by computer fraud, limited coverage to the insured’s own loss from the theft.   Applying a proximate cause standard, the Sixth Circuit found that the DSW’s loss was the proximate cause – and “resulted directly from” – the computer breach.   The Sixth Circuit also found that the information obtained did not constitute proprietary information and, as such, the policy’s exclusion for Proprietary Information, Trade Secrets and Confidential Processing Methods was not applicable to bar coverage.

This decision is yet another example of the complexity of evaluating coverage for data breach losses under traditional policies of insurance.   Another court in another jurisdiction could have found for the insurer under these facts. The insurance market is constantly changing with new products becoming available to provide coverage where none existed before or where coverage can be questionable or uncertain.  This decision thus underscores the importance for insureds and insures alike to retain skilled counsel to carefully examine proposed policy language.  And, to avoid unpleasant surprises, insureds should also assess the nature of their data security exposures and then evaluate the likelihood of whether such exposures are covered by their traditional insurance program and, if not, whether such coverage might be available in the marketplace.

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.National Law Review, Volume II, Number 248
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Nancy D. Adams Mintz Insurance and Reinsurance Problem-Solving & Dispute Resolution Insurance Consulting & Risk Management Product Liability & Complex Tort Complex Commercial Litigation Data & Privacy Litigation and Investigations Privacy & Cybersecurity
Member

Nancy is a noted insurance coverage litigator with extensive experience representing primary and excess insurers on the business and legal implications of complex coverage issues involving commercial, transactional, and personal lines of insurance. Nancy serves as lead counsel in coverage litigation in state, bankruptcy, and federal courts across the country. With her vast knowledge of the insurance industry, she also advises companies on a wide range of risk management issues, frequently conducting exposure and risk analysis and assisting companies with implementing risk transfer...

617-348-1865
Advertisement
Advertisement
Advertisement