Security News > 2022 > August > PC store told it can't claim full cyber-crime insurance after social-engineering attack
A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.
Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud.
In the dismissal order, the US District Court for Minnesota found that the two policy agreements are mutually exclusive, as well as finding SJ's claim fell squarely into its social engineering fraud agreement with Travelers, which has a cap of $100,000.
After realizing the policy limit on computer fraud was 10 times higher, "SJ Computers then made a series of arguments - ranging from creative to desperate - to try to persuade Travelers that its loss was not the result of social-engineering-fraud but instead the result of computer fraud," the district judge wrote in the order.
According to the court's dismissal filing, Travelers defines computer fraud, which it covers up to $1m, as "As intentional, unauthorized, and fraudulent entry or change of data or computer instructions directly into a computer system." At the same time, Travelers' computer fraud policy states that such entries or changes made by employees or authorized persons on the bases of fraudulent instructions is not covered.
All of those cases had a major difference in common, the court pointed out - none of them involved insurance policies that cover both computer and social engineering fraud, or make clear that the two types of fraud are different, mutually exclusive categories.