Last week, the U.S. Court of Appeals for the Sixth Circuit ruled that there was coverage for first-party and third-party losses arising from the theft of customer credit card information by hackers under a crime policy’s computer fraud endorsement. See DSW Inc. v. National Union Fire Ins. Co. of Pittsburgh, Pa., Case No. 10-4576/5608 (Aug. 23, 2012). The Sixth Circuit found that the National Union crime policy at issue covered third-party liability losses even though the insuring agreement limited coverage to loss “resulting directly from” the “theft of any Insured property by Computer Fraud.” The Sixth Circuit also rejected National Union’s argument that an exclusion barring coverage for “any loss of proprietary information, Trade Secrets, Confidential Processing Methods or other confidential information of any kind” applied. The court reasoned that, while credit card information might be considered confidential in some circumstances, it could not have been the type of confidential information envisioned by the exclusion. Otherwise, the exclusion would vitiate the coverage that the policy promised to provide.
This is yet another example showing that insureds should read all of their insurance policies carefully for possible coverage when they suffer a loss or are involved in litigation. Insureds are more commonly buying technology errors and omissions coverage or more specific cyber policies that could cover this type of loss, but the endorsement on the National Union crime policy is not uncommon.
I was quoted in this Law360 article (http://www.law360.com/insurance/articles/372903, sign-in required) about the Sixth Circuit’s ruling that policies often have slight differences in policy language that can make a big difference to insureds. That is especially true of policies that cover privacy and cyber risks.