American Pacific Mortgage (APM) has filed a breach of contract suit against Aspen Specialty Insurance Company disputing the latter's decision to not cover losses incurred from a business email compromise attack.
The breach of contract case, filed with the U.S. District Court, Southern District New York, is centered on an incident that happened on August 24, 2015, in which a hacker impersonated APM's CEO and instructed a company employee, via email, to make several wire transfers to a Chinese bank account exceeding $75,000. In the court documents APM said it notified Aspen claiming the loss fell under the Computer Systems Fraud portion of its cyberinsurance policy, but Aspen has refused to cover the loss.
APM noted the details of the policy in the court filing it believes the BEC attack would fall under, including receiving: written instructions or advices, or telegraphic or cable instructions or advices, or instructions or advices by voice over telephone, or telefacsimile instructions or advices.
However, the court documents contained portions of Aspen's reasoning for refusing to compensate APM. Aspen told APM, “[T]he wire transfers were an indirect consequence of the spoof emails after the intervention of human action and interaction. [The APM Employee] made a decision to act on the wire requests and took steps to execute same.”
The insurance policy has a $3 million payout cap. APM is requesting the court to order Aspen to pay “damages equal to the amounts owed under the Policy, plus consequential damages, each in amounts to be proven at trial, as well as attorney's fees and pre-and post - judgment interest to the extent permitted by law.”
SC Media contacted Aspen for comment on the case.