The Indiana Court of Appeals, applying Indiana law, has held that a ransomware attack did not necessarily constitute a “fraudulent” act, and the corresponding loss did not fall within the scope of the computer fraud coverage part of a multi-peril commercial insurance policy.  G&G Oil Co. of Ind. v. Cont’l Western Ins. Co., 2020 WL 1528095 (Ind. Ct. App. Mar. 31, 2020).  The court rejected the argument that the ransomware attack was a fraud because it was an “unconscionable dealing” and instead found that the hacker did not “pervert the truth” or engage in deception in order to induce ransom payment.

Continue Reading No Computer Fraud Coverage for Ransomware Attack

The United States District Court for the Northern District of Mississippi, applying Mississippi law, held that only a “Social Engineering Fraud” provision responded to a loss resulting when an unknown third-party, posing as the insured’s vendor, sent fraudulent banking information and the insured issued payments based on that information.  Miss. Silicon Holdings, LLC v. AXIS Ins. Co., 2020 WL 868874 (N.D. Miss. Feb. 21, 2020).  The court, holding that the policy provisions were unambiguous, rejected the insured’s argument that the policy’s “Computer Transfer Fraud” and “Funds Transfer Fraud” provisions should apply.

Continue Reading Lack of Knowledge Requirement Nixes Coverage for Social Engineering Fraud Under Computer Transfer or Funds Transfer Fraud Limits