The 9th U.S. Circuit Court of Appeals affirmed the district court’s ruling in Aqua Star (USA) Corp., vs Travelers Casualty and Surety Company of America. The case involved fraudulent emails purporting to be from the insured’s suppliers directing that the insured direct its payments to a new account purportedly opened by that supplier. Based on that fraudulent communication, the insured transferred $713,890 due its supplier to the fraudulent “new account.”
At issue was whether an exclusion in the insured’s Wrap and Crime Policy applied. That exclusion precludes coverage for loss resulting directly or indirectly from the input of electronic data by a natural person having authority to enter the insured’s computer system. The Ninth Circuit found the insured’s losses were the result of entries made on the insured’s computer system to change the wiring information for its supplier. Because the employees involved were authorized to enter the insured’s computer system to make such entries, the court affirmed the decision of the district court and found that the exclusion applied.
The ruling is consistent with other precedents. It’s a good reminder to businesses to check their cyber security insurance coverage to ensure that it meets their needs, since social engineering fraud is becoming more prevalent.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.