(Article from Insurance Law Alert, April 2022)
For more information, please visit the Insurance Law Alert Resource Center.
Addressing a matter of first impression under Alaska law, a federal court ruled that a Computer Fraud provision in a crime policy covered losses arising from an email impersonation scheme. City of Unalaksa v. National Union Fire Ins. Co., 2022 WL 826501 (D. Alaska Mar. 18, 2022).
A fraudster sent an email to an employee of the City of Unalaska, purporting to be a vendor and requesting a change in payment method. Thereafter, employees of the City followed the protocol for implementing a payment change and ultimately sent wire transfer payments totaling nearly $3 million to the fraudster’s bank account. National Union paid the $100,000 limit under an Impersonation Fraud Coverage endorsement, but denied coverage under the Computer Fraud provision. The City sued for breach of contract and declaratory relief and the court ruled in the City’s favor.
The Computer Fraud provision provided coverage for loss of money or other property “resulting directly from the use of any computer to fraudulently cause a transfer of that property.” National Union argued that the “incidental” use of a computer to send fraudulent emails did not constitute “direct” use of a computer and that this provision was intended to cover incidents such as hacking or malware. Additionally, National Union contended that the intervening actions of City employees, as well as the thirty-day period between the fraudster’s initial email and the first payment to his account, severed the causal chain between any purported computer fraud and the loss.
The court rejected these arguments and ruled that a reasonable insured would expect Computer Fraud coverage under these circumstances. The court relied on the Ninth Circuit’s recent decision in Ernst & Hass Management Co., Inc. v. Hiscox, Inc., 23 F.4th 1195 (9th Cir. 2022) (discussed in our February 2022 Alert), which held that a Computer Fraud provision covered email impersonation loss because the loss “resulted directly” from use of a computer to fraudulently cause a transfer of property, notwithstanding an employee’s actions in effectuating the transfer. The court also relied on American Tooling Center, Inc. v. Travelers Cas. & Sur. Co. of Am., 895 F.3d 455 (6th Cir. 2018) (discussed in our July/August 2018 Alert), in which the Sixth Circuit ruled that fraudulently induced wire transfers were a “direct loss” and that the insured company’s multi-step authorization process did not qualify as an intervening action sufficient to break the causal chain.
The Fifth Circuit reached contrary conclusions in
Apache Corp. v. Great American Ins. Co., 662 Fed. App’x 252 (5
th Cir. 2016) (discussed in our
November 2016 Alert) and
Mississippi Silicon Holdings, LLC v. Axis Ins. Co., 843 Fed. App’x 581 (5
th Cir. 2021) (discussed in our
February 2021 Alert). However, the
Unalaska court deemed those decisions unpersuasive and distinguishable based on the policy language.