(Article from Insurance Law Alert, January 2020)
For more information, please visit the Insurance Law Alert Resource Center.
A Virginia federal district court ruled that losses caused by an email phishing scam are covered by a computer fraud provision because the losses resulted “directly” from the use of a computer. Cincinnati Ins. Co. v. Norfolk Truck Ctr., Inc., 2019 WL 6977408 (E.D. Va. Dec. 20, 2019).
Norfolk Truck Center ordered truck parts from Kimble Mixer Company. Following the order, Norfolk received an email from an imposter claiming to be a Kimble employee that provided payment instructions for the purchase. Norfolk completed the necessary paperwork with its bank and issued a wire transfer in the amount of $333,724 in accordance with the imposter’s instructions. When Norfolk discovered that the email with the instructions was fraudulent, it sought coverage under a computer fraud provision, which covered loss “resulting directly from the use of any computer to fraudulently cause a transfer of [money].” The insurer denied coverage, arguing that the loss did not result “directly” from computer use.
Addressing this matter of first impression under Virginia law, the court ruled that the term “directly,” as used in the computer fraud provision, is unambiguous and means “straightforward” or “proximate” and “without intervening agency.” Applying this interpretation, the court concluded that the wire transfer loss resulted directly from computer use. The court explained that “[c]omputers were used in every step of the way including receipt of the fraudulent instructions and the insured’s compliance with such instructions by directing its bank to wire the funds to the fake payee.”
The court rejected the insurer’s contention that the loss was not direct because multiple individuals were involved in the wire transfer over the course of six days. The court also found unpersuasive the insurer’s assertion that coverage was unavailable because Norfolk was attempting to pay a legitimate invoice, rather than a fraudulent bill. The court stated: “[t]he instant insurance provision does not require a fraudulent payment by computer; rather it requires a computer’s use to fraudulently cause a transfer of money.”
As discussed in last month’s Alert, the Eleventh Circuit similarly held that a fraudulently-induced wire transfer initiated by an email phishing scheme satisfied the “directly” requirement of a computer fraud provision.