A pioneer case in respect to Canadian cybercrime insurance coverage was decided by the Alberta Court of Queen’ Bench in late June, earlier this year.
In The Brick Warehouse LP v. Chubb Insurance Company of Canada, the Alberta Court held that the furniture stores’ insurance coverage for ‘funds transfer fraud’ under its crime coverage policy wasn’t enough to protect the company from its losses of just over $200,000 due to social engineering fraud.
In August 2010, the Brick accounts payable department received a number of phone calls from an individual claiming to represent Toshiba, a supplier for the Brick. The fraudster asked for information clarifying the payment process, and an employee helpfully provided the requested information. An email and another phone call followed the first interaction, and the employee followed the standard internal practice on changing account information to satisfy the imposter’s request. In total, ten invoices worth $338,322.22 were transferred into the “new” account.
In September 2010, the Brick was contacted by someone claiming to represent Sealy Canada, making the same request and asking to have the account information changed to match the same RBC account as Toshiba.
Before the new transaction was completed, alarm bells went off, which promoted the Brick to undertake an investigation that uncovered the fraud.
After contacting police, the Brick was able to recover a portion of the fraudulently transferred funds. The Brick then followed up with their insurer, Chubb Insurance, to make a claim for the remainder of the lost funds under its crime coverage policy. However, Chubb determined that the loss was not covered by the policy; specifically that it did not fall under the ‘fund transfer fraud’ coverage.
The Court determined that the losses suffered by the Brick as a result of social engineering fraud were not covered under the Chubb insurance policy.
Read more at Lexology
