Companies that haven’t yet reviewed their cyber risk insurance might want to consider scheduling a look at what they’ve got sooner, rather than later—particularly since one cloud-based services firm had to take its insurer to court to get them to pay up.

Business Insurance reports that California-based Medidata Solutions Inc., which provides cloud-based services to scientists conducting research in clinical trials, lost $4.8 million after an employee in its accounts payable office fell for a spoofing e-mail that supposedly came from the company’s president instructing her to devote her full attention to the demands of “attorney” Michael Meyer.

Of course there was no Michael Meyer, and the e-mail was a fake, but before that was discovered via the suspicions of a company official who launched an investigation, the company was out $4.8 million sent by wire transfer to a bank account that the bogus Meyer provided.

Fortunately a second wire transfer was stopped before the company lost even more money.

According to the ruling issued in U.S. District Court in New York in Medidata Solutions Inc. v. Federal Insurance Co., Medidata, which had a “Federal Executive Protection” policy providing up to $5 million in coverage with Federal Insurance Co., a unit of Warren Township, New Jersey-based Chubb Ltd., submitted a claim for the loss.

But Chubb denied coverage, and Medidata went to court over it.

The District Court granted Medidata’s motion for summary judgment in the case, saying in its ruling, “Medidata argues that the policy’s computer fraud clause covers the company’s loss in 2014, because a thief fraudulently entered and changed data in Medidata’s computer system.”

The insurer further argued that the loss was not covered “because the emails did not require access to Medidata’s computer system, a manipulation of those computers, or input of fraudulent information,” the ruling continued.

However, it added, “The court has reviewed the Policy and concludes that, as matter of law, the unambiguous language of the computer fraud clause provides coverage for the theft from Medidata.” It also said that “Medidata has demonstrated that its losses were a direct cause of a computer violation.”

Although the ruling agreed with Chubb that the policy’s forgery clause did not trigger coverage, nevertheless, it said that Medidata was entitled to coverage under its policy’s funds transfer fraud coverage.

The “validity of the wire transfer depended upon several high-level employees’ knowledge and consent which was only obtained by trick,” it explained, adding, “As the parties are well aware, larceny by trick is still larceny. Therefore, Medidata has demonstrated that the funds transfer clause covers the theft in 2014.”

Instant Insights /

Court rules Chubb unit must pay $4.8 million in spoofing case

More From HR Executive

Related Stories

Recommended For You