Insurance coverage for “Business Email Compromise” (BEC) scams is a hot issue being litigated by companies and their insurance providers in jurisdictions across the country. The Ninth Circuit is poised to issue what may be an influential decision after hearing oral argument this week in a coverage action initiated by an accounting firm that lost its client’s money to a BEC scam. Learn more from Orrick attorneys Darren Teshima and Harry Moren at our sister blog, Policyholder Insider.
Harry J. Moren
Harry Moren is a lawyer in Orrick's San Francisco office who specializes in commercial litigation. Harry also counsels corporate policyholders on insurance issues and helps them resolve disputes with their insurers. Harry has advised energy companies on regulatory issues.
Harry writes regularly for several Orrick blogs, including the Policyholder Insider, Trust Anchor (Cybersecurity & Data Privacy), and Trade Secrets Watch. Harry also writes for Orrick’s Weekly Auditor Liability Bulletin and wrote for the Securities Reform Act Litigation Reporter.
Pro bono is an important part of Harry's practice. He advocates for immigrants' rights through individual representations and national policy reform. Harry currently represents a lawful permanent resident facing deportation before the Ninth Circuit. Harry has also successfully represented low-income tenants in partnership with the San Francisco Bar Association’s Justice and Diversity Center.
Prior to joining Orrick, Harry worked on the legal team of Greenpeace International in Amsterdam. As a law student, he interned with the Administrative Law Judge Division of the California Public Utilities Commission in San Francisco.
Before attending law school, Harry developed custom software for e-commerce platforms, enterprise management systems, and call center automation for companies including Amazon, Intel, ADT, Cable & Wireless, and Lucent Technologies.
Harry’s recent representations include:
- Represented Pacific Pulmonary Services in a bad faith action against its D&O insurer in the Northern District of California. Achieved partial summary judgment establishing the insurer's duty to advance defense costs for a False Claims Act investigation. Resolved other claims through settlement.
- Represented biotech entrepreneurs against claims of breach of non-competition and non-solicitation agreements in arbitration. Achieved a complete defense award.
- Represented Microsoft before the Second Circuit in a high-profile challenge to the federal government's attempt to force Microsoft to turn over a customer's email content stored on a server in Ireland. Achieved a unanimous ruling in favor of Microsoft. (Statement by Microsoft President and Chief Legal Officer Brad Smith)
- Represented an education technology company against a breach of contract action in federal court. Resolved through settlement just before trial.
- Represented a restaurant franchisee against its franchisor in arbitration. Won a preliminary injunction to prevent franchisor from closing franchisee's restaurant. Resolved through settlement during discovery.
- Represented telecommunications executives against an SEC enforcement action alleging misstatements related to revenue recognition. Resolved through settlement.
- Advised a major gas and electric public utility on regulatory issues.
- Advised a major construction company on insurance and product liability issues.
- Advised a rideshare technology company on insurance issues.
Posts by: Harry Moren
The coverage landscape for “Business E-mail Compromise” (BEC) scams remains somewhat tenuous, as organizations and carriers continue to battle in court over the extent of coverage. Although recent positive, policyholder-friendly trends in the Eighth Circuit (hacker who took over a bank’s computer system) and federal district court in Georgia (scheme based on spoofing a CEO’s e-mail) found insurance coverage for fraudulently transferred funds, a recent unpublished Fifth Circuit opinion moves in the other direction. Unfortunately, this new ruling—and the uncertainty it creates—may embolden insurers in fighting coverage for these scams under crime insurance policies.
“Business Email Compromise” (BEC) scams are becoming an increasingly prevalent concern for businesses—the FBI reports that incidents have increased 1,300% since January 2015. A federal district court in Georgia recently ruled that a BEC scam in which a fraudster deceived an employee into wiring $1.72 million to an account in China was covered a under a commercial crime policy. The court rejected the insurer’s argument that the wire transfer was not directly caused by the BEC scam, and determined that the policy language was ambiguous about whether intervening events affected coverage, thus resolving the ambiguity in favor of the policyholder. At our sister blog Policyholder Insider, Darren Teshima and Harry Moren discuss why this ruling is good news for policyholders who have fallen victim to a BEC scam.
Non-cyber insurance policies often contain exclusions to limit or preclude coverage for data breaches. A Maryland federal district court recently addressed the scope of such exclusions. The court analyzed the meaning of “data” in data breach policy exclusions in a multimedia liability policy and concluded that the undefined term “data” did not include satellite television programming. Having found that the exclusions did not apply, the court held that the underlying lawsuit involving allegations of unauthorized access to satellite television programming triggered the insurer’s duty to defend the policyholder. At Orrick’s Policyholder Insider blog, Darren Teshima and Harry Moren discuss this decision’s rejection of an insurer’s attempt to avoid coverage by broadening the scope of these data breach exclusions.
A recent Eighth Circuit ruling on cybercrime coverage held that the issuer of a financial institution bond must cover a bank’s losses after a hacker’s malware attack resulted in unauthorized fund transfers. The court rejected the insurer’s claim that employee negligence—a factor in the loss—excluded coverage. This is a good decision for financial institutions and crime insurance policyholders, and Orrick attorneys Russell Cohen, Darren Teshima, and Harry Moren discuss the decision and its potential impact on coverage for the trending Business E-mail Compromise (BEC) scam.
This week, a Fourth Circuit panel in an unpublished decision validated arguments long made by policyholders: that commercial general liability policies may provide coverage for certain data breach liabilities. In this case, Travelers Indemnity Company v. Portal Healthcare Solutions, the appellate court affirmed the district court’s 2014 ruling that an insurer had the duty to defend a company that provides electronic medical record management services in a class action alleging that the company made patients’ confidential records publicly accessible by posting the records to an unsecured public website.
Your insurer wrongfully denies coverage—so you file a complaint in court, right? Not so fast! Many new insurance policies now include mandatory arbitration provisions. While at one time arbitration clauses were common only in policies issued by foreign insurers, they are now finding their way into policies issued by domestic insurers and in all types of coverages, including commercial liability insurance policies, D&O, E&O, employment liability, and cyber insurance. While the terms of these clauses vary, to the extent they are enforceable or cannot be negotiated out of the coverage, arbitration provisions close the courthouse doors to insurance disputes and force policyholders and their insurers to resolve disputed issues in private and free from judicial scrutiny. READ MORE
The time may be approaching when no distracted, intoxicated or fatigued driver ever causes an accident and automobile insurance as we know it becomes a thing of the past. If this seems like fantasy, only a few years ago, so did the reason: the “driverless” car—an idea that has fascinated the public for decades is quickly becoming a reality.
There has been a fair amount of discussion and commentary on insurance issues related to this new technology. An article last year in the Wall Street Journal posed the question, “How Do You Insure a Driverless Car?” The answer, it concluded, was not to be found any time soon, noting that insurance companies were unprepared for driverless, or autonomous, cars and were presently unable to evaluate or price the risk. But with the “Internet of Things” setting the pace for current technology trends, some commentators predict that autonomous cars will be common as soon as the year 2020, so it is not too early to think about the risk of driverless cars and the inevitable questions of insurance coverage related to this new risk and others like it. READ MORE
President Obama wants to go where the Supreme Court refused to tread. As part of his cybersecurity and privacy initiatives, which we discussed last week, the President would strengthen the federal anti-hacking provisions of the Computer Fraud and Abuse Act (CFAA), including an expansion of activity covered by the statutory phrase “exceeds authorized access.” In so doing, the President would resolve a circuit split between the First, Fifth, Eighth, Seventh, and Eleventh Circuits, on the one hand, and the Ninth and Fourth Circuits, on the other. His reason? “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families.”
Happy New Year! For a sneak peek at the developments the year may bring to the legal landscape for insurance policyholders, here are five cases worth watching in 2015:
- Fluor Corporation v. Superior Court (Hartford Accident and Indemnity Company), No. S205889 (Cal. filed Oct. 10, 2012)
The California Supreme Court likely will issue its long-awaited decision in Fluor and, in doing so, may overturn its controversial 2003 decision concerning the assignment of insurance policies to successor corporations in Henkel Corporation v. Hartford Accident and Indemnity Company, 29 Cal. 4th 934 (2003). If the Court overturns Henkel,California would join the majority of states that permit a successor corporation to recover under the predecessor’s liability insurance policies for pre-assignment liabilities, regardless of a “no-assignment” provision in the policies. The Fluor case has been fully briefed for more than a year, and many California attorneys expected the Court to issue its decision in 2014. In the interim, California Governor Jerry Brown has recently appointed two new justices to the Court, which some commentators believe may push the court in a more liberal direction and could affect the Court’s decision. READ MORE