DSW Shoe Warehouse wins dispute with Chartis unit over data theft coverage

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.businessinsurance.com/article/20120823/NEWS07/120829934?tags=|299|75|83|329|302|303#crit=DSW

A federal appellate court ruled Thursday that shoe retailer DSW Shoe
Warehouse Inc. was entitled to insurance coverage of more than $6.8
million in stipulated losses and prejudgment interest from a Chartis
Inc. unit in connection with a 2005 computer breach.

In an incident widely reported at the time, DSW, a subsidiary of
Columbus, Ohio-based Retail Ventures Inc., reported that data on
transaction information involving 1.4 million credit cards had been
stolen.

The 6th U.S. Circuit Court of Appeals in Cincinnati in Retail Ventures
Inc. et. al. v. National Union Fire Insurance Co. of Pittsburgh Pa.,
upheld a lower court's ruling that the retailer was entitled to
coverage under a computer fraud rider to a “blanket crime policy” for
its losses.

National Union, a unit of New York-based Chartis, had alleged in part
it was not obligated to provide coverage because DSW “had not
sustained loss 'resulting directly from' the theft of customer
information,” and that it was an uncovered “indirect loss,” according
to the ruling.

But the appellate court disagreed.

“Without ignoring that this is a commercial crime policy directed at
the insured's loss and not a commercial liability policy, our task is
to determine the intention of the parties from the plain and ordinary
meaning of the specific language used,” said the three-judge panel's
unanimous ruling.

“Despite defendant's arguments to the contrary, we find that the
phrase 'resulting directly from' does not unambiguously limit coverage
to loss resulting 'solely' or 'immediately' from the theft itself,”
said the ruling.

“In fact,” said the ruling, a policy endorsement “provided coverage
for loss that the insured sustained 'resulting from' the 'theft of any
insured property by computer fraud'which includes the 'wrongful
conversion of assets under the direct or indirect control of a
computer system by means of … fraudulent accessing of such computer
system.'”

The appellate panel also agreed with the lower court in dismissing
DSW's charge of breach of the duty of good faith and fair dealing in
the matter.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.