What is a Man in the Middle Attack?
Read the full article at https://www.linkedin.com/pulse/fairly-debatable-claim-defeats-bad-faith-amendment-zalma-esq-cfe and see full video at https://rumble.com/v1cqa7p-fairly-debatable-claim-defeats-bad-faith-amendment.html and at
and at https://zalma.com/blog and https://claimschool.com/?p=122 and more than 4250 posts.
Posted on July 19, 2022 by barryzalma
See full video at https://rumble.com/v1cqa7p-fairly-debatable-claim-defeats-bad-faith-amendment.html and at
After an unknown individual (“fraudster”) gained unauthorized access to Fishobowl’s accountant, Ms. Wendy Williams’ e-mail account. Once inside Ms. Williams’ e-mail account, the fraudster created certain “rules” to redirect certain e-mail communications within the e-mail system. One rule redirected e-mail communications containing certain keywords to an e-mail account that is not associated with Fishbowl. Another rule marked e-mail communications sent from “fedins.com” as having already been “read, ” and automatically stored them in the “RSS Subscriptions” folder. These rules prevented Ms. Williams from noticing certain e-mail communications, including e-mails from Federated Insurance regarding invoice payments.
In Fishbowl Solutions, Inc. v. The Hanover Insurance Company, No. 21-cv-00794 (SRN/BRT), United States District Court, D. Minnesota (May 9, 2022) it became clear that the purpose of the scheme was to trick Fishbowl’s customers into paying invoices to the fraudster without Fishbowl noticing. Pursuant to this scheme, the fraudster directed six of Fishbowl’s customers to change how and where to make their payments. By employing a variety of techniques to conceal the scheme, the fraudster posed as Ms. Williams when communicating by e-mail with Federated Insurance. The fraudster also posed as Federated Insurance when communicating by e-mail with Ms. Williams. As a result of the scheme, Federated Insurance made two payments to the fraudster, totaling $176,962. The fraudster was a classic man in the middle who attacked Fishbowl to the tune of more than $176,962.
Fishbowl discovered the scheme and informed the six customers about the scheme, five of them were able to recall or redirect their payments. However, Federated Insurance was unable to do so. Although the United States Secret Service recovered $29,035.79 of the monies paid by Federated Insurance to the fraudster, Fishbowl suffered a loss of the difference, which totaled $147,926.21.
BACKGROUND
Fishbowl is a software company. It creates and customizes packaged software for its customers using the latest technologies. This software helps customers innovate and access information.
The Policy
Hanover issued a Technology Professional Liability Policy to Fishbowl. The Policy provides “Cyber Business Interruption and Extra Expense” coverage (the “Coverage”), as follows:
“We will pay actual loss of ‘business income’ and additional ‘extra expense’ incurred by you during the ‘period of restoration’ directly resulting from a ‘data breach’ which is first discovered during the ‘policy period’ and which results in an actual impairment or denial of service of ‘business operations’ during the ‘policy period.’”
The term “[b]usiness income” includes net income “that would have been earned or incurred if there had been no impairment or denial of ‘business operations’ due to a covered ‘data breach.’” “Business operations” means Fishbowl’s “usual and regular business activities.” “Data breach” is defined in seven different ways in the Policy.
The Insurance Claim
Hanover received Fishbowl’s insurance claim seeking reimbursement for business interruption and losses due to the fraudster’s conduct. Within a few weeks, Hanover denied the claim.
The Civil Suit
Fishbowl sued, alleging breach of contract and seeking declaratory and monetary relief. During discovery, Fishbowl deposed the claims manager Fishbowl alleged that claims manager testified that, as defined by the Policy, Fishbowl “sustained a data breach” and “had suffered an actual loss of business income.”
Plaintiff’s Motion to Amend
Fishbowl timely moved to amend the Complaint, seeking to add a claim for bad faith. Fishbowl contended that Hanover acted with bad faith by repeatedly ignoring, and by failing to properly investigate, its claim and by failing to cover its loss.
The Order
The magistrate judge denied the motion to amend as futile. In reaching that decision, the court analyzed whether Plaintiff had plausibly plead a claim for bad faith in the Proposed Amended Complaint.
The magistrate judge found that Fishbowl failed to plausibly plead the second prong of the test. The court concluded that it is an unresolved legal question whether the Coverage applied to losses caused by a “man in the middle” cyberattack. Because the law is unresolved, the court found the issue “fairly debatable,” and therefore, cannot serve as a basis for a claim of bad faith.
DISCUSSION
Federal Rules of Civil Procedure provides that “[t]he court should freely give leave [to amend a pleading] when justice so requires.” Fed.R.Civ.P. 15(a)(2). But “[a] district court may appropriately deny leave to amend where there are compelling reasons such as . . . futility of the amendment.”
The Amendment is futile where the proposed amended claim would not withstand a motion to dismiss for failure to state a claim. Although a complaint need not contain detailed factual allegations, it must allege facts with enough specificity to raise a right to relief above the speculative level. Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, are insufficient.
Analysis
The Minnesota Legislature has created a private cause of action to penalize bad faith denial of benefits by insurance providers. Under the statute, a party, after commencing a civil suit, may make a motion to amend the pleadings to claim recovery of taxable costs. The applicable legal basis for establishing a claim under the statute is a two-prong test, which is as follows:
The court may award as taxable costs to an insured . . . if the insured can show:
(1) the absence of a reasonable basis for denying the benefits of the insurance policy; and
(2) that the insurer knew of the lack of a reasonable basis for denying the benefits of the insurance policy or acted in reckless disregard of the lack of a reasonable basis for denying the benefits of the insurance policy.
At this stage of the proceedings, plaintiff needs to plausibly plead facts that demonstrate each prong of the test.
First: the pertinent question is “whether a reasonable insurer under the circumstances would not have denied the insured the benefits of the insurance policy.”
A reasonable insurer would not have denied the benefits when there was a covered data breach. Accordingly, the Court found that Plaintiff has plausibly plead the first prong.
Second: the plaintiff must pass a subjective test, requiring a certain mens rea on the part of the insurer. Specifically, it requires an insured to prove that the insurer knew, or recklessly disregarded or remained indifferent to information that would have allowed it to know, that it lacked an objectively reasonable basis for denying the insured’s claim for benefits.
Even if Plaintiff is correct as to the failures of Hanover’s investigation, a district court will not grant a motion to amend the pleadings to add a bad faith claim where it is “fairly debatable” whether coverage applies.
Even if Plaintiff’s legal interpretation of the Policy might prevail, the fact that the issue is legally debatable precludes a bad faith claim. In the absence of any case law that controls whether a “man in the middle” attack constitutes a data breach on the Policy, the Court finds Hanover’s interpretation reasonable.
The Magistrate Judge’s April 6, 2022 Order was affirmed.
ZALMA OPINION
No alt text provided for this image
Bad faith requires a mens rea or an evil intent. When the law is unclear and the insurer fairly argues an issue that is debatable and where there is no dispositive case law, the issue is fairly debatable and there is no basis for seeking damages for damages due to the tort of bad faith .
Just published
Random Thoughts on Insurance Volume XIV: A Collection of Blog Posts from Zalma on Insurance —
(c) 2022 Barry Zalma & ClaimSchool, Inc.
No alt text provided for this image
Barry Zalma, Esq., CFE, now limits his practice to service as an insurance consultant specializing in insurance coverage, insurance claims handling, insurance bad faith and insurance fraud almost equally for insurers and policyholders. He practiced law in California for more than 44 years as an insurance coverage and claims handling lawyer and more than 54 years in the insurance business. He is available at http://www.zalma.com and [email protected].
Subscribe and receive videos limited to subscribers of Excellence in Claims Handling at locals.com https://zalmaoninsurance.locals.com/subscribe.
Subscribe to Excellence in Claims Handling at https://barryzalma.substack.com/welcome.
Write to Mr. Zalma at [email protected]; http://www.zalma.com; http://zalma.com/blog; daily articles are published at https://zalma.substack.com.
Go to the podcast Zalma On Insurance at https://anchor.fm/barry-zalma; Follow Mr. Zalma on Twitter at https://twitter.com/bzalma; Go to Barry Zalma videos at Rumble.com at https://rumble.com/c/c-262921; Go to Barry Zalma on YouTube- https://www.youtube.com/channel/UCysiZklEtxZsSF9DfC0Expg; Go to the Insurance Claims Library – https://zalma.com/blog/insurance-claims-library/
Jury’s Findings Interpreting Insurance Contract Affirmed
Post 5105
See the full video at https://lnkd.in/gPa6Vpg8 and at https://lnkd.in/ghgiZNBN, and at https://zalma.com/blog plus more than 5100 posts.
Madelaine Chocolate Novelties, Inc. (“Madelaine Chocolate”) appealed the district court’s judgment following a jury verdict in favor of Great Northern Insurance Company (“Great Northern”) concerning storm-surge damage caused by “Superstorm Sandy” to Madelaine Chocolate’s production facilities.
In Madelaine Chocolate Novelties, Inc., d.b.a. The Madelaine Chocolate Company v. Great Northern Insurance Company, No. 23-212, United States Court of Appeals, Second Circuit (June 20, 2025) affirmed the trial court ruling in favor of the insurer.
BACKGROUND
Great Northern refused to pay the full claim amount and paid Madelaine Chocolate only about $4 million. In disclaiming coverage, Great Northern invoked the Policy’s flood-exclusion provision, which excludes, in relevant part, “loss or damage caused by ....
Failure to Name a Party as an Additional Insured Defeats Claim
Post 5104
Read the full article at https://lnkd.in/gbcTYSNa, see the full video at https://lnkd.in/ggmDyTnT and at https://lnkd.in/gZ-uZPh7, and at https://zalma.com/blog plus more than 5100 posts.
Contract Interpretation is Based on the Clear and Unambiguous Language of the Policy
In Associated Industries Insurance Company, Inc. v. Sentinel Insurance Company, Ltd., No. 23-CV-10400 (MMG), United States District Court, S.D. New York (June 16, 2025) an insurance coverage dispute arising from a personal injury action in New York State Supreme Court.
The underlying action, Eduardo Molina v. Venchi 2, LLC, et al., concerned injuries allegedly resulting from a construction accident at premises owned by Central Area Equities Associates LLC (CAEA) and leased by Venchi 2 LLC with the USDC required to determine who was entitled to a defense from which insurer.
KEY POINTS
Parties Involved:
CAEA is insured by Associated Industries Insurance Company, Inc. ...
Exclusion Establishes that There is No Duty to Defend Off Site Injuries
Post 5103
Read the full article at https://lnkd.in/geje73Gh, see the full video at https://lnkd.in/gnQp4X-f and at https://lnkd.in/gPPrB47p, and at https://zalma.com/blog plus more than 5100 posts.
Attack by Vicious Dog Excluded
In Foremost Insurance Company, Grand Rapids, Michigan v. Michael B. Steele and Sarah Brown and Kevin Lee Price, Civil Action No. 3:24-CV-00684, United States District Court, M.D. Pennsylvania (June 16, 2025)
Foremost Insurance Company (“Foremost”) sued Michael B. Steele (“Steele”), Sarah Brown (“Brown”), and Kevin Lee Price (“Price”) (collectively, “Defendants”). Foremost sought declaratory relief in the form of a declaration that
1. it owes no insurance coverage to Steele and has no duty to defend or indemnify Steele in an underlying tort action and
2. defense counsel that Foremost has assigned to Steele in the underlying action may withdraw his appearance.
Presently before the Court are two ...
ZIFL Volume 29, Issue 10
The Source for the Insurance Fraud Professional
See the full video at https://lnkd.in/gK_P4-BK and at https://lnkd.in/g2Q7BHBu, and at https://zalma.com/blog and at https://lnkd.in/gjyMWHff.
Zalma’s Insurance Fraud Letter (ZIFL) continues its 29th year of publication dedicated to those involved in reducing the effect of insurance fraud. ZIFL is published 24 times a year by ClaimSchool and is written by Barry Zalma. It is provided FREE to anyone who visits the site at http://zalma.com/zalmas-insurance-fraud-letter-2/ You can read the full issue of the May 15, 2025 issue at http://zalma.com/blog/wp-content/uploads/2025/05/ZIFL-05-15-2025.pdf
This issue contains the following articles about insurance fraud:
Health Care Fraud Trial Results in Murder for Hire of Witness
To Avoid Conviction for Insurance Fraud Defendants Murder Witness
In United States of America v. Louis Age, Jr.; Stanton Guillory; Louis Age, III; Ronald Wilson, Jr., No. 22-30656, United States Court of Appeals, Fifth Circuit (April 25, 2025) the Fifth Circuit dealt with the ...
Professional Health Care Services Exclusion Effective
Post 5073
See the full video at https://lnkd.in/g-f6Tjm5 and at https://lnkd.in/gx3agRzi, and at https://zalma.com/blog plus more than 5050 posts.
This opinion is the recommendation of a Magistrate Judge to the District Court Judge and involves Travelers Casualty Insurance Company and its duty to defend the New Mexico Bone and Joint Institute (NMBJI) and its physicians in a medical negligence lawsuit brought by Tervon Dorsey.
In Travelers Casualty Insurance Company Of America v. New Mexico Bone And Joint Institute, P.C.; American Foundation Of Lower Extremity Surgery And Research, Inc., a New Mexico Corporation; Riley Rampton, DPM; Loren K. Spencer, DPM; Tervon Dorsey, individually; Kimberly Dorsey, individually; and Kate Ferlic as Guardian Ad Litem for K.D. and J.D., minors, No. 2:24-cv-0027 MV/DLM, United States District Court, D. New Mexico (May 8, 2025) the Magistrate Judge Recommended:
Insurance Coverage Dispute:
Travelers issued a Commercial General Liability ...
A Heads I Win, Tails You Lose Story
Post 5062
Posted on April 30, 2025 by Barry Zalma
"This is a Fictionalized True Crime Story of Insurance Fraud that explains why Insurance Fraud is a “Heads I Win, Tails You Lose” situation for Insurers. The story is designed to help everyone to Understand How Insurance Fraud in America is Costing Everyone who Buys Insurance Thousands of Dollars Every year and Why Insurance Fraud is Safer and More Profitable for the Perpetrators than any Other Crime."
Immigrant Criminals Attempt to Profit From Insurance Fraud
People who commit insurance fraud as a profession do so because it is easy. It requires no capital investment. The risk is low and the profits are high. The ease with which large amounts of money can be made from insurance fraud removes whatever moral hesitation might stop the perpetrator from committing the crime.
The temptation to do everything outside the law was the downfall of the brothers Karamazov. The brothers had escaped prison in the old Soviet Union by immigrating to the United...
