Showing just how important cybersecurity can be for one’s business, Liberty Mutual, one of the largest insurance companies in the country, recently informed one of its policy-holders, Schnuck’s, a grocery chain, that it would not be reimbursing it for claims arising out of a series of lawsuits launched due to the theft of thousands of credit card numbers from its systems. Schnuck’s estimated that upwards of 2.4 million credit card and debit card numbers were stolen.
Evidently, hackers managed to force their way into the Schnuck’s computer system and for a period of four months, used this access to steal the credit card information of Schnuck’s customers. Even worse, it appears that Schnuck’s may not have disclosed this breach in a timely manner, as many of the suits claimed that the plaintiffs first learned of the theft when they found fraudulent charges on their credit card bills.
Unsurprisingly, these customers filed a series of lawsuits against Schnuck’s, mainly clustered in Southern Illinois and Northeastern Missouri, alleging that the company had been negligent in protecting the sensitive credit card data and had failed to timely notify its customers of the breach, exacerbating the damages. Facing substantial liability, Schnuck’s turned to its insurer, Liberty Mutual, to reimburse Schnuck’s for the claims, as set out in its insurance policy. Liberty Mutual said no.
Liberty Mutual denied the claims under two separate provisions of Schnuck’s policies. First, Liberty Mutual rejected Schnuck’s claim under Coverage A because that provision covered only liabilities caused by personal injury or property damage and the coverage was limited to ‘tangible property.’ In this case, argued Liberty Mutual, the theft of the credit card numbers did not cause any damage to tangible assets and, as a result, Liberty Mutual was not obligated to reimburse Schnuck’s.
Second, Liberty Mutual rejected Schnuck’s claim under Coverage B, which provides coverage for “personal and advertising injury,” defined as the oral or written publication of material that violates a person’s right to privacy. Liberty Mutual explained that because the stolen credit card information was not published in any form, this form of coverage did not apply either.
As a result, Schnuck’s will now have to either contest the policy in court, and risk losing even more money in legal fees in the hopes that they can get their claims covered by Liberty Mutual, or eat the costs of settling or contesting these lawsuits themselves. In either case, Schnuck’s inability to get the level of protection it needed for its most sensitive information will cost the company dearly.
Cybersecurity is becoming an increasingly important issue for companies of all sizes. Our blog will continue to cover some of the cybersecurity lawsuits making headlines. To learn more about The Patterson Law Firm, visit pattersonlawfirm.com or call (312) 223-1699.