What can we help you find? Enter your search above.
What can we help you find? Enter your search above.
Communicating with Sugarman Rogers through this website does not create an attorney-client relationship with the firm or any of our attorneys. Our decision as to whether and on what terms we may agree to represent a client involves consideration of a variety of factors, discussion with the prospective client, and, where appropriate, a written engagement agreement.
Please do not use this form of communication to transmit any private, personally identifying, or other confidential information. We cannot guarantee the confidentiality or security of this means of communication.
July 31, 2024
In a recent decision, a federal court in New York found that a nearly $4.8 million loss sustained by a life sciences technology company, Medidata, Inc., from an email spoofing scam was covered under an Executive Protection policy issued by Federal Insurance Company.
The case, Medidata Solutions Inc. v. Federal Insurance Co. (S.D.N.Y. July 21, 2024), arose out of a fraud that took place in 2014, when a Medidata employee received emails, ostensibly from the company’s president, instructing her to initiate a wire transfer. The emails, along with a telephone call from a man posing as an attorney for the company, led both the employee and two company executives to sign off on the transfer, resulting in $4,770,226 being wired to a bank account number the thief had provided. Medidata soon realized it had been defrauded, and that the thief had altered codes in the emails to make them appear to have been sent by the company’s president.
Medidata sought coverage under the crime coverage section of its policy, including a “Computer Fraud Coverage” clause that covered losses resulting from fraudulent “entry of Data into . . . a Computer System” or fraudulent “change to Data elements or program logic of a Computer System[.]” But Federal denied coverage for the claim, arguing, among other things, that the quoted language required some sort of hacking or manipulation of Medidata’s computer system–not just the transmission of deceptive e-mails to an employee’s inbox.
The court disagreed and granted summary judgment for Medidata, finding that Federal’s reading of the policy was too narrow. Distinguishing other decisions interpreting similar language, the court found that the “Computer Fraud Coverage” was not necessarily restricted to hacking, but could encompass other “deceitful and dishonest access” to a computer system as well. The email spoofing, in which the thief embedded codes that made it appear that his email had been sent by the company president, qualified as such deceitful and dishonest access, and the “Computer Fraud Coverage” clause unambiguously applied.
The Medidata decision provides a new data point in the developing area of cyber coverage and lends insight into the complexities of construing computer fraud and related coverages in the face of constantly evolving, and increasingly sophisticated, cyber fraud schemes.
|
|
Court finds coverage under crime policy for email fraud loss |
Date: July 31, 2024 |
Legal Update |
John G. O'Neill, Jessica H. Park |
Related Services: Insurance & Reinsurance, Business Disputes |
||
|
In a recent decision, a federal court in New York found that a nearly $4.8 million loss sustained by a life sciences technology company, Medidata, Inc., from an email spoofing scam was covered under an Executive Protection policy issued by Federal Insurance Company. The case, Medidata Solutions Inc. v. Federal Insurance Co. (S.D.N.Y. July 21, 2024), arose out of a fraud that took place in 2014, when a Medidata employee received emails, ostensibly from the company’s president, instructing her to initiate a wire transfer. The emails, along with a telephone call from a man posing as an attorney for the company, led both the employee and two company executives to sign off on the transfer, resulting in $4,770,226 being wired to a bank account number the thief had provided. Medidata soon realized it had been defrauded, and that the thief had altered codes in the emails to make them appear to have been sent by the company’s president. Medidata sought coverage under the crime coverage section of its policy, including a “Computer Fraud Coverage” clause that covered losses resulting from fraudulent “entry of Data into . . . a Computer System” or fraudulent “change to Data elements or program logic of a Computer System[.]” But Federal denied coverage for the claim, arguing, among other things, that the quoted language required some sort of hacking or manipulation of Medidata’s computer system–not just the transmission of deceptive e-mails to an employee’s inbox. The court disagreed and granted summary judgment for Medidata, finding that Federal’s reading of the policy was too narrow. Distinguishing other decisions interpreting similar language, the court found that the “Computer Fraud Coverage” was not necessarily restricted to hacking, but could encompass other “deceitful and dishonest access” to a computer system as well. The email spoofing, in which the thief embedded codes that made it appear that his email had been sent by the company president, qualified as such deceitful and dishonest access, and the “Computer Fraud Coverage” clause unambiguously applied. The Medidata decision provides a new data point in the developing area of cyber coverage and lends insight into the complexities of construing computer fraud and related coverages in the face of constantly evolving, and increasingly sophisticated, cyber fraud schemes. |
Related People |
|||
John G. O'NeillPartner617.227.3030[email protected] |
Jessica H. ParkPartner617.227.3030[email protected] |
||