In one of the first court decisions to analyze in depth the coverage provided by a cyber policy, a federal judge has found that PF Chang’s policy came up short. Following a 2014 data breach in which hackers accessed and posted online 60,000 credit card numbers belonging to PF Chang’s customers, the company sought coverage under its “CyberSecurity by Chubb” insurance policy. Although PF Chang’s insurer, Federal Insurance Company (“Federal”), agreed to reimburse nearly $1.7 million for customer claims and other breach-related expenses, it refused to reimburse an additional $2 million in fees and assessments levied against P.F. Chang’s by the credit card brands. Last week a federal district judge in Arizona, applying Arizona law, denied PF Chang’s claim for reimbursement and granted summary judgment for Federal. While it held that these fees and assessments fell within the scope of coverage, the court held that the “contractual liability” exclusion barred coverage.