What Is Modern Warfare? Ninth Circuit Rules War Exclusions Do Not Preclude Coverage for First Party Loss Caused by Hamas Rocket Attacks

On July 12, 2019, the Ninth Circuit Court of Appeals found two “war” exclusions inapplicable, under California law, to a loss caused by 2014 hostilities between Israel and Hamas. Universal Cable Productions, LLC v. Atlantic Specialty Insurance Co., No. 17-56672, 2019 WL 3049034 (July 12, 2019). In doing so, the court overturned the Central District of California’s award of summary judgment in favor of Atlantic Specialty Insurance Company. The parties’ dispute arose out of Atlantic’s refusal to indemnify Universal for
Continue reading...

Courts Continue to Limit Coverage for Data Breach Claims under CGL Policies

This past week, a Florida federal court dealt another blow to policyholders seeking coverage for data breach claims under traditional commercial general liability (CGL) policies, finding that coverage was not afforded under a CGL policy for a claim involving a data breach incident that exposed credit card information and resulted in more than $1.4 million in damages. St. Paul Fire & Marine Ins. Co. v. Rosen Millennium, Inc., No. 617CV540ORL41GJK, 2018 WL 4732718 (M.D. Fla. Sept. 28, 2018). Given the increasing frequency and magnitude
Continue reading...

Better Late Than Never — Time to Get Those Cybersecurity Certifications of Compliance into NYDFS

If you are an individual or company regulated by the New York State Department of Financial Services (NYDFS), you may have received an email from NYDFS reminding you to submit your Certification of Compliance as soon as possible. New York’s relatively new cybersecurity regulation, 23 NYCRR 500 (the Regulation), requires all people and companies covered by the Regulation (Covered Entities) to file an annual statement by February 15 certifying that the entity was compliant (Certification of Compliance) with the Regulation
Continue reading...

First of its Kind: Yahoo Settles Securities Litigation for $80 Million

Yahoo’s recently-announced $80 million settlement of its data breach-related securities lawsuit may be a signal that the plaintiffs’ bar is going to pivot away from pursuing these claims in the form of shareholder derivative lawsuits. In their ongoing effort to capitalize on large-scale data breaches, to date, plaintiffs have struggled to survive motions to dismiss in data breach-related derivative lawsuits (e.g. Target and Wyndham Worldwide). Although the plaintiffs in the Home Depot derivative litigation were able to extract a $1.125
Continue reading...

The Modern Fraudster: How Courts Are Responding to Social Engineering Fraud

In an article for Insurance Journal, Goldberg Segalla partner Jonathan L. Schwartz and associate Colin B. Willmott, members of the Global Insurance Services Practice Group in the firm’s Chicago office, write about social engineering fraud (SEF) and questions over availability of insurance coverage for SEF under commercial crime policies — an issue the Second and Sixth Circuit Courts of Appeals are set to clarify in 2018. SEF includes now-common types of fraud involving digital communications: phishing/whaling, spoofing, and impersonating or pretexting. “A common example [of SEF]
Continue reading...

Congress Rolls Back FCC Privacy Regulations

On March 28, 2017, Congress passed legislation (S.J. Res. 34) that rolled back privacy regulations recently adopted by the Federal Communications Commission. The resolution passed the Senate by a vote of 50-48 and the House by a voted of 215 to 205. This is one of several sets of regulations Congress is rolling back under the authority of the Congressional Review Act of 1996. Under this statute, Congress can nullify administrative regulations by simply passing a joint resolution of disapproval.
Continue reading...

Comments on NYSDFS Cybersecurity Regulation Begin Pouring In

On September 28, 2016, the New York State Department of Financial Services (DFS) released for comment a proposed new regulation entitled Cybersecurity Requirements for Financial Services Companies (23 N.Y.C.R.R. Part 500). Various industry groups have offered comments and expressed concerns about some of its requirements. These concerns include the costs of compliance and the scope of entities regulated by the proposed rule. Among the organizations offering comments are the Excess Lines Association of New York (ELANY) and the American Association
Continue reading...

Credit Card Payment Coverage Declined: Cyberinsurer Not Obligated to Reimburse P.F. Chang’s for PCI Liability

In the most significant cyberinsurance coverage decision to date, an Arizona federal district court in P.F. Chang’s China Bistro v. Federal Insurance Co., No. CV-15-01322-PHX-SMM (D. Ari. May 31, 2016), granted summary judgment to Federal Insurance Company, acknowledging it had no duty to reimburse P.F. Chang’s China Bistro for payment card industry liability assessments under the CyberSecurity policy issued by Federal to P.F. Chang’s corporate parent. This decision represents a significant victory for cyberinsurers insofar as it upholds insurers’ marketing
Continue reading...