“Authorized Entry” Exclusion Precluded Coverage for Hacking Loss
August 18, 2016 |A federal district court in Washington has ruled that an insured company was not entitled to coverage for losses caused when a hacker directed one of the insured’s employees to change a vendor’s bank account information on its computer system.
The Case
Aqua Star (USA) Corp., a seafood importer, purchased frozen shrimp from Zhanjiang Longwei Aquatic Products Industry Co. Ltd.
A hacker allegedly hacked into Longwei’s computer system and sent fraudulent emails to an Aqua Star employee that directed the Aqua Star employee to change the bank account information for Longwei for future wire transfers. The Aqua Star employee made the changes as directed and ultimately the company was defrauded of $713,890 by the hacker.
Aqua Star sought coverage of its loss from its insurer under a policy covering computer fraud.
The carrier denied the claim, stating that the loss was not directly caused by computer fraud.
Aqua Star sued, and the parties moved for summary judgment.
The District Court’s Decision
The district court granted the insurer’s motion for summary judgment.
In its decision, the district court explained that the policy excluded coverage for a loss that resulted from the input of electronic data into the Aqua Star computer system by a person authorized to access the system.
Here, it continued, the Aqua Star employee who changed the bank account information for Longwei had the authority to enter Aqua Star’s system. Therefore, the district court concluded, the exclusion applied and Aqua Star’s loss was not covered by the policy.
The case is Aqua Star (USA) Corp. v. Travelers Casualty and Surety Co. of America, No. C14-1368RSL (W.D. Wash. July 8, 2016).
Rivkin Comment
A similar result was reached in Pestmaster Services, Inc. v. Travelers Casualty and Surety Co. of America, No. 14-56294 (9th Cir. July 29, 2016).
In this case, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s decision that a crime policy’s funds transfer provision did not cover authorized electronic transactions even if they were, or might have been, associated with a fraudulent scheme.
The circuit court also found that the policy’s computer fraud provision did not afford coverage for the transfer. A transfer pursuant to “authorization” from the insured “was not fraudulently caused,” the Ninth Circuit concluded.