AXIS INSURANCE SERVICES, LLC: Cyber Claims Scenarios
Following are several Cyber and Privacy & Network Security claims filed in the past.
A business was hacked by someone who stole the Social Security numbers and bank account details of its employees and customers. The information was sold to a website which uses the information to create false identities. The defense and damages resulting from the lawsuits exceeded $900,000.
An employee’s company laptop was lost on the train. The laptop contained files of private financial information of the employer’s customers. The company had to pay for notification to its customers that its private financial information was no longer secure. The customers sued the company for damages resulting from its failure to protect their private financial information. The notification costs and settlement totaled $350,000.
A problematic employee found out that he was about to be terminated and, in response, stole personal account details that the business held on its clients, and published them online. When the clients found out about this, they sued for invasion of privacy and demand remediation. Total settlement and defense costs exceeded $600,000.
An employee at an engineering firm found a way through his company’s network security defenses and gained access to a customer’s trade secret. The employee sold the trade secret to a competitor. The customer sued the engineering firm for the failure to protect the trade secret and was awarded for damages. The customer received over $500,000.
Confidential paper files containing names and checking account information of an organization’s donors were found in its parking lot dumpster. The press gained access to the documents and published an article in the local newspaper. The organization needed to notify all affected donors and pay for advertising in the local newspaper. The notification and advertising costs added up to around $50,000.
An employee inadvertently downloaded a destructive computer virus onto the company’s network, resulting in widespread data loss and transmission of the virus to a client’s computer network. The client sued the company, contending it should have prevented transmission of the virus. Damages of $750,000 were sought for the lost data and economic loss caused by the network security breach.
Someone posing as the CFO requested the W-2s of all employee so they could process returns. The controller forwarded the W-2s to the imposter. Subsequently, false tax returns were filed on behalf of employees. Costs incurred to date are in excess of $250,000.
These are only claims examples: minor changes from actual suits have been made to protect the confidentiality of all clients.