Home Search Services People Contact
Contact
About
People
Insights
News
Events
search

What can we help you find? Enter your search above.

Sugarman, Rogers, Barshak & Cohen, P.C. Logo Sugarman, Rogers, Barshak & Cohen, P.C. Logo
Balance Careers Community
Diversity, Equity & Inclusion History Pro Bono
Professional Staff Sustainability
Appellate Practice Business Disputes Domestic Relations & Probate Litigation Employment Law Environmental & Energy Law
Government Law Insurance & Reinsurance Intellectual Property Litigation Product Liability
Professional Liability Real Estate Litigation Medical Malpractice & Personal Injury Defective Drugs & Medical Devices
Anthony V. Agudelo Michael S. Appel William L. Boesch Svana M. Calabro Widmaier M. Charles Tristan P. Colangelo Anthony M. Doniger
Lisa C. Goodheart Srish Khakurel Andrea Studley Knowles Christine M. Netski John G. O’Neill Jessica H. Park Regina E. Roman
C. Dylan Sanders Kenneth N. Thayer Alessandra W. Wingerter Ann Marie E. Berntsen Michele M. Corey, RP Christopher B. Hunt Professional Staff
search

What can we help you find? Enter your search above.

I understand
 
Sugarman Rogers Icon

April 20, 2018

Legal Update
John G. O'Neill, Jessica H. Park

Federal court affirms finding of no coverage for fraudulent e-mail scam

Close Video
Related Video

Video Title

Video Content

Featured Flourish
Video Related Post Type
Video Related Post Title

In the latest decision to consider the issue, the Ninth Circuit Court of Appeals has upheld a finding that a Crime Policy issued by Travelers did not cover a policyholder’s loss resulting from a fraudulent e-mail scam.

Aqua Star (USA) Corp. v. Travelers Cas. & Sur. Co. of America, 2018 WL 1804338 (9th Cir., April 17, 2018), involved a scam in which Aqua Star, a seafood importer, was tricked into making wire transfers to a cybercriminal’s bank account after receiving spoofed e-mails made to appear as if they had come from one of the company’s seafood vendors. The fraudulent e-mails asked Aqua Star to change the bank account information for future payments to the vendor. An Aqua Star employee complied with the request, entered the fraudulent account number into a computer spreadsheet on which Aqua Star saved its vendors’ bank account information, then used the fraudulent account number for wire transfers intended for the vendor. Over $700,000 was wired to the impostor’s bank account before the fraud was detected.

Aqua Star made a claim for the loss under its Crime Policy with Travelers, which covered certain losses directly caused by “Computer Fraud,” defined as the use of a computer to fraudulently cause a transfer of money.  Travelers denied coverage, citing, among other things, an exclusion that barred coverage for loss resulting “directly or indirectly from the input of Electronic Data by a natural person having the authority to enter the Insured’s Computer System[.]”

Aqua Star sought a declaration that the Crime Policy provided coverage, but the District Court agreed with Travelers, ruling that the exclusion unambiguously applied. The Aqua Star employee’s entry of the fraudulent account information into Aqua Star’s spreadsheet and subsequent use of that information to initiate the wire transfers, the court reasoned, was “entry of electronic data” by an authorized user of the insured’s computer system. Because this entry of data was a necessary step in the chain of events that led to the wire transfer, it was an “indirect” cause of the loss and came within the clear language of the exclusion.

On appeal, Aqua Star argued, among other things, that the District Court had erroneously failed to apply Washington’s “efficient proximate cause” rule, under which there may be coverage if two or more perils combine to cause a loss, and a covered peril is the predominant or efficient cause of the loss. The cybercriminal’s fraudulent use of a computer was the predominant cause of this loss, Aqua Star asserted, and coverage should not be destroyed because an innocent employee used a computer for an act that happened to be an intermediate step in the causal chain.

The Ninth Circuit disagreed, upholding the District Court’s finding that the exclusion unambiguously applied, and rejecting the “efficient proximate cause” argument. Noting that the efficient proximate cause rule applied only where two or more perils combined to cause a loss, the Court found that Aqua Star’s loss was caused by only one peril, Computer Fraud, and that the company “[could] not avoid a contractual exclusion merely by affixing an additional label or separate characterization to the act or event causing the loss.” Aqua Star, 2018 WL 1804338, at *1 (citation omitted).

The Aqua Star decision did not reach some of the threshold issues with which other courts have grappled in wire-fraud cases, such as whether Computer Fraud provisions are meant to be restricted to unauthorized intrusion or hacking into an insured’s computer system, as opposed to authorized entry of data prompted by fraud. Nevertheless, this decision joins a growing body of case law in which courts have declined to extend “Computer Fraud” coverage to situations involving fraudulent e-mail scams, and illustrates some of the many hurdles that can lie in the path of claims for coverage of such scams.

Related People

John G. O'Neill
John G. O'Neill
Partner
617.227.3030 Email John
Jessica H. Park
Jessica H. Park
Partner
617.227.3030 Email Jessica
Share This
Share
Print
Services
Insurance & Reinsurance
Related Content
Legal Update
View all
Court dismisses claim for coverage of email “spoofing” scam under crime policy
Legal Update
View all
Court finds coverage under crime policy for email fraud loss
Legal Update
View all
Email spoofing scam is not covered under computer fraud provision of policy

Federal court affirms finding of no coverage for fraudulent e-mail scam
Date: April 20, 2018
Legal Update
John G. O'Neill, Jessica H. Park
Related Services: Insurance & Reinsurance

In the latest decision to consider the issue, the Ninth Circuit Court of Appeals has upheld a finding that a Crime Policy issued by Travelers did not cover a policyholder’s loss resulting from a fraudulent e-mail scam.

Aqua Star (USA) Corp. v. Travelers Cas. & Sur. Co. of America, 2018 WL 1804338 (9th Cir., April 17, 2018), involved a scam in which Aqua Star, a seafood importer, was tricked into making wire transfers to a cybercriminal’s bank account after receiving spoofed e-mails made to appear as if they had come from one of the company’s seafood vendors. The fraudulent e-mails asked Aqua Star to change the bank account information for future payments to the vendor. An Aqua Star employee complied with the request, entered the fraudulent account number into a computer spreadsheet on which Aqua Star saved its vendors’ bank account information, then used the fraudulent account number for wire transfers intended for the vendor. Over $700,000 was wired to the impostor’s bank account before the fraud was detected.

Aqua Star made a claim for the loss under its Crime Policy with Travelers, which covered certain losses directly caused by “Computer Fraud,” defined as the use of a computer to fraudulently cause a transfer of money.  Travelers denied coverage, citing, among other things, an exclusion that barred coverage for loss resulting “directly or indirectly from the input of Electronic Data by a natural person having the authority to enter the Insured’s Computer System[.]”

Aqua Star sought a declaration that the Crime Policy provided coverage, but the District Court agreed with Travelers, ruling that the exclusion unambiguously applied. The Aqua Star employee’s entry of the fraudulent account information into Aqua Star’s spreadsheet and subsequent use of that information to initiate the wire transfers, the court reasoned, was “entry of electronic data” by an authorized user of the insured’s computer system. Because this entry of data was a necessary step in the chain of events that led to the wire transfer, it was an “indirect” cause of the loss and came within the clear language of the exclusion.

On appeal, Aqua Star argued, among other things, that the District Court had erroneously failed to apply Washington’s “efficient proximate cause” rule, under which there may be coverage if two or more perils combine to cause a loss, and a covered peril is the predominant or efficient cause of the loss. The cybercriminal’s fraudulent use of a computer was the predominant cause of this loss, Aqua Star asserted, and coverage should not be destroyed because an innocent employee used a computer for an act that happened to be an intermediate step in the causal chain.

The Ninth Circuit disagreed, upholding the District Court’s finding that the exclusion unambiguously applied, and rejecting the “efficient proximate cause” argument. Noting that the efficient proximate cause rule applied only where two or more perils combined to cause a loss, the Court found that Aqua Star’s loss was caused by only one peril, Computer Fraud, and that the company “[could] not avoid a contractual exclusion merely by affixing an additional label or separate characterization to the act or event causing the loss.” Aqua Star, 2018 WL 1804338, at *1 (citation omitted).

The Aqua Star decision did not reach some of the threshold issues with which other courts have grappled in wire-fraud cases, such as whether Computer Fraud provisions are meant to be restricted to unauthorized intrusion or hacking into an insured’s computer system, as opposed to authorized entry of data prompted by fraud. Nevertheless, this decision joins a growing body of case law in which courts have declined to extend “Computer Fraud” coverage to situations involving fraudulent e-mail scams, and illustrates some of the many hurdles that can lie in the path of claims for coverage of such scams.

Related People
John G. O'Neill
John G. O'Neill
Partner
617.227.3030
[email protected]
 Jessica H. Park
Jessica H. Park
Partner
617.227.3030
[email protected]