(Article from Insurance Law Alert, February 2021)
For more information, please visit the Insurance Law Alert Resource Center.
A Minnesota federal district court ruled that an insurer was not obligated to indemnify a data breach settlement payment, finding that the policyholder’s cost of replacing cancelled plastic credit and debit cards did not constitute a loss of use of tangible property under a general liability policy. Target Corp. v. ACE American Ins. Co., 2021 WL 424468 (D. Minn. Feb. 8, 2021).
Following a data breach of Target’s computer networks, several banks that had issued the compromised credit and debit cards cancelled and reissued those cards to customers. The banks sued Target for the costs associated with those actions. The parties eventually reached confidential settlements, and Target sought indemnification from ACE.
The court granted ACE’s summary judgment motion, ruling that Target failed to demonstrate covered property damage, defined as the “loss of use of tangible property that is not physically injured.” The court explained that Minnesota law requires loss-of-use damages to be “based on” the loss of use of the tangible property. Here, however, there was no nexus between the settlement payment and the value of the loss of the use of the payment cards. The court stated:
Target has not established a connection between the damages incurred for settling claims related to replacing the payment cards and the value of the use of those cards, either to the payment-card holders or issuers. . . . For this reason, the connection . . . is insufficiently direct and, therefore, the damages claimed are not loss-of-use damages covered under the Policies.