What is a Man in the Middle Attack?
Read the full article at https://www.linkedin.com/pulse/fairly-debatable-claim-defeats-bad-faith-amendment-zalma-esq-cfe and see full video at https://rumble.com/v1cqa7p-fairly-debatable-claim-defeats-bad-faith-amendment.html and at
and at https://zalma.com/blog and https://claimschool.com/?p=122 and more than 4250 posts.
Posted on July 19, 2022 by barryzalma
See full video at https://rumble.com/v1cqa7p-fairly-debatable-claim-defeats-bad-faith-amendment.html and at
After an unknown individual (“fraudster”) gained unauthorized access to Fishobowl’s accountant, Ms. Wendy Williams’ e-mail account. Once inside Ms. Williams’ e-mail account, the fraudster created certain “rules” to redirect certain e-mail communications within the e-mail system. One rule redirected e-mail communications containing certain keywords to an e-mail account that is not associated with Fishbowl. Another rule marked e-mail communications sent from “fedins.com” as having already been “read, ” and automatically stored them in the “RSS Subscriptions” folder. These rules prevented Ms. Williams from noticing certain e-mail communications, including e-mails from Federated Insurance regarding invoice payments.
In Fishbowl Solutions, Inc. v. The Hanover Insurance Company, No. 21-cv-00794 (SRN/BRT), United States District Court, D. Minnesota (May 9, 2022) it became clear that the purpose of the scheme was to trick Fishbowl’s customers into paying invoices to the fraudster without Fishbowl noticing. Pursuant to this scheme, the fraudster directed six of Fishbowl’s customers to change how and where to make their payments. By employing a variety of techniques to conceal the scheme, the fraudster posed as Ms. Williams when communicating by e-mail with Federated Insurance. The fraudster also posed as Federated Insurance when communicating by e-mail with Ms. Williams. As a result of the scheme, Federated Insurance made two payments to the fraudster, totaling $176,962. The fraudster was a classic man in the middle who attacked Fishbowl to the tune of more than $176,962.
Fishbowl discovered the scheme and informed the six customers about the scheme, five of them were able to recall or redirect their payments. However, Federated Insurance was unable to do so. Although the United States Secret Service recovered $29,035.79 of the monies paid by Federated Insurance to the fraudster, Fishbowl suffered a loss of the difference, which totaled $147,926.21.
BACKGROUND
Fishbowl is a software company. It creates and customizes packaged software for its customers using the latest technologies. This software helps customers innovate and access information.
The Policy
Hanover issued a Technology Professional Liability Policy to Fishbowl. The Policy provides “Cyber Business Interruption and Extra Expense” coverage (the “Coverage”), as follows:
“We will pay actual loss of ‘business income’ and additional ‘extra expense’ incurred by you during the ‘period of restoration’ directly resulting from a ‘data breach’ which is first discovered during the ‘policy period’ and which results in an actual impairment or denial of service of ‘business operations’ during the ‘policy period.’”
The term “[b]usiness income” includes net income “that would have been earned or incurred if there had been no impairment or denial of ‘business operations’ due to a covered ‘data breach.’” “Business operations” means Fishbowl’s “usual and regular business activities.” “Data breach” is defined in seven different ways in the Policy.
The Insurance Claim
Hanover received Fishbowl’s insurance claim seeking reimbursement for business interruption and losses due to the fraudster’s conduct. Within a few weeks, Hanover denied the claim.
The Civil Suit
Fishbowl sued, alleging breach of contract and seeking declaratory and monetary relief. During discovery, Fishbowl deposed the claims manager Fishbowl alleged that claims manager testified that, as defined by the Policy, Fishbowl “sustained a data breach” and “had suffered an actual loss of business income.”
Plaintiff’s Motion to Amend
Fishbowl timely moved to amend the Complaint, seeking to add a claim for bad faith. Fishbowl contended that Hanover acted with bad faith by repeatedly ignoring, and by failing to properly investigate, its claim and by failing to cover its loss.
The Order
The magistrate judge denied the motion to amend as futile. In reaching that decision, the court analyzed whether Plaintiff had plausibly plead a claim for bad faith in the Proposed Amended Complaint.
The magistrate judge found that Fishbowl failed to plausibly plead the second prong of the test. The court concluded that it is an unresolved legal question whether the Coverage applied to losses caused by a “man in the middle” cyberattack. Because the law is unresolved, the court found the issue “fairly debatable,” and therefore, cannot serve as a basis for a claim of bad faith.
DISCUSSION
Federal Rules of Civil Procedure provides that “[t]he court should freely give leave [to amend a pleading] when justice so requires.” Fed.R.Civ.P. 15(a)(2). But “[a] district court may appropriately deny leave to amend where there are compelling reasons such as . . . futility of the amendment.”
The Amendment is futile where the proposed amended claim would not withstand a motion to dismiss for failure to state a claim. Although a complaint need not contain detailed factual allegations, it must allege facts with enough specificity to raise a right to relief above the speculative level. Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, are insufficient.
Analysis
The Minnesota Legislature has created a private cause of action to penalize bad faith denial of benefits by insurance providers. Under the statute, a party, after commencing a civil suit, may make a motion to amend the pleadings to claim recovery of taxable costs. The applicable legal basis for establishing a claim under the statute is a two-prong test, which is as follows:
The court may award as taxable costs to an insured . . . if the insured can show:
(1) the absence of a reasonable basis for denying the benefits of the insurance policy; and
(2) that the insurer knew of the lack of a reasonable basis for denying the benefits of the insurance policy or acted in reckless disregard of the lack of a reasonable basis for denying the benefits of the insurance policy.
At this stage of the proceedings, plaintiff needs to plausibly plead facts that demonstrate each prong of the test.
First: the pertinent question is “whether a reasonable insurer under the circumstances would not have denied the insured the benefits of the insurance policy.”
A reasonable insurer would not have denied the benefits when there was a covered data breach. Accordingly, the Court found that Plaintiff has plausibly plead the first prong.
Second: the plaintiff must pass a subjective test, requiring a certain mens rea on the part of the insurer. Specifically, it requires an insured to prove that the insurer knew, or recklessly disregarded or remained indifferent to information that would have allowed it to know, that it lacked an objectively reasonable basis for denying the insured’s claim for benefits.
Even if Plaintiff is correct as to the failures of Hanover’s investigation, a district court will not grant a motion to amend the pleadings to add a bad faith claim where it is “fairly debatable” whether coverage applies.
Even if Plaintiff’s legal interpretation of the Policy might prevail, the fact that the issue is legally debatable precludes a bad faith claim. In the absence of any case law that controls whether a “man in the middle” attack constitutes a data breach on the Policy, the Court finds Hanover’s interpretation reasonable.
The Magistrate Judge’s April 6, 2022 Order was affirmed.
ZALMA OPINION
No alt text provided for this image
Bad faith requires a mens rea or an evil intent. When the law is unclear and the insurer fairly argues an issue that is debatable and where there is no dispositive case law, the issue is fairly debatable and there is no basis for seeking damages for damages due to the tort of bad faith .
Just published
Random Thoughts on Insurance Volume XIV: A Collection of Blog Posts from Zalma on Insurance —
(c) 2022 Barry Zalma & ClaimSchool, Inc.
No alt text provided for this image
Barry Zalma, Esq., CFE, now limits his practice to service as an insurance consultant specializing in insurance coverage, insurance claims handling, insurance bad faith and insurance fraud almost equally for insurers and policyholders. He practiced law in California for more than 44 years as an insurance coverage and claims handling lawyer and more than 54 years in the insurance business. He is available at http://www.zalma.com and [email protected].
Subscribe and receive videos limited to subscribers of Excellence in Claims Handling at locals.com https://zalmaoninsurance.locals.com/subscribe.
Subscribe to Excellence in Claims Handling at https://barryzalma.substack.com/welcome.
Write to Mr. Zalma at [email protected]; http://www.zalma.com; http://zalma.com/blog; daily articles are published at https://zalma.substack.com.
Go to the podcast Zalma On Insurance at https://anchor.fm/barry-zalma; Follow Mr. Zalma on Twitter at https://twitter.com/bzalma; Go to Barry Zalma videos at Rumble.com at https://rumble.com/c/c-262921; Go to Barry Zalma on YouTube- https://www.youtube.com/channel/UCysiZklEtxZsSF9DfC0Expg; Go to the Insurance Claims Library – https://zalma.com/blog/insurance-claims-library/
Convicted Criminal Seeks to Compel Receiver to Protect his Assets
Post number 5291
See the video at and at and at https://www.zalma.com/blog plus more than 5250 posts.
The Work of a Court Appointed Receiver is Constitutionally Protected
In Simon Semaan et al. v. Robert P. Mosier et al., G064385, California Court of Appeals, Fourth District, Third Division (February 6, 2026) the Court of Appeals applied the California anti-SLAPP statute which protects defendants from meritless lawsuits arising from constitutionally protected activities, including those performed in official capacities. The court also considered the doctrine of quasi-judicial immunity, which shields court-appointed receivers from liability for discretionary acts performed within their official duties.
Facts
In September 2021, the State of California filed felony charges against Simon Semaan, alleging violations of Insurance Code section 11760(a) for making...
When There are Two Different Other Insurance Clauses They Eliminate Each Other and Both Insurers Owe Indemnity Equally
Post number 5289
In Great West Casualty Co. v. Nationwide Agribusiness Insurance Co., and Conserv FS, Inc., and Timothy A. Brennan, as Administrator of the Estate of Pat- rick J. Brennan, deceased, Nos. 24-1258, 24-1259, United States Court of Appeals, Seventh Circuit (February 11, 2026) the USCA was required to resolve a dispute that arose when a tractor-trailer operated by Robert D. Fisher (agent of Deerpass Farms Trucking, LLC-II) was involved in a side-impact collision with an SUV driven by Patrick J. Brennan, resulting in Brennan’s death.
Facts
Deerpass Trucking, an interstate motor carrier, leased the tractor from Deerpass Farms Services, LLC, and hauled cargo for Conserv FS, Inc. under a trailer interchange agreement. The tractor was insured by Great West Casualty Company with a $1 million policy limit, while the trailer was insured by Nationwide Agribusiness Insurance Company with a $2 million ...
Opiod Producer Seeks Indemnity from CGL Insurers
Post number 5288
Read the full article at https://lnkd.in/guNhStN2, see the full video at https://lnkd.in/gYqkk-n3 and at https://lnkd.in/g8U3ehuc, and at https://zalma.com/blog plus more than 5250 posts.
Insurers Exclude Damages Due to Insured’s Products
In Matthew Dundon, As The Trustee Of The Endo General Unsecured Creditors’ Trust v. ACE Property And Casualty Insurance Company, et al., Civil Action No. 24-4221, United States District Court, E.D. Pennsylvania (February 10, 2026) Matthew Dundon, trustee of the Endo General Unsecured Creditors’ Trust, sued multiple commercial general liability (CGL) insurers for coverage of opioid-related litigation involving Endo International PLC a pharmaceutical manufacturer.
KEY FACTS
Beginning as early as 2014, thousands of opioid suits were filed by governments, third parties, and individuals alleging harms tied to opioid manufacturing and marketing.
Bankruptcy & Settlements
Endo filed Chapter 11 in August 2022; before bankruptcy it ...
Passover for Americans
Posted on February 19, 2026 by Barry Zalma
“The Passover Seder For Americans”
For more than 3,000 years Jewish fathers have told the story of the Exodus of the enslaved Jews from Egypt. Telling the story has been required of all Jewish fathers. Americans, who have lived in North America for more than 300 years have become Americans and many have lost the ability to read, write and understand the Hebrew language in which the story of Passover was first told in the Torah. Passover is one of the many holidays Jewish People celebrate to help them remember the importance of G_d in their lives. We see the animals, the oceans, the rivers, the mountains, the rain, sun, the planets, the stars, and the people and wonder how did all these wonderful things come into being. Jews believe the force we call G_d created the entire universe and everything in it. Jews feel G_d is all seeing and knowing and although we can’t see Him, He is everywhere and in everyone.We understand...
Passover for Americans
Posted on February 19, 2026 by Barry Zalma
Read the full article at https://www.linkedin.com/pulse/passover-americans-barry-zalma-esq-cfe-5vgkc.
“The Passover Seder For Americans”
For more than 3,000 years Jewish fathers have told the story of the Exodus of the enslaved Jews from Egypt. Telling the story has been required of all Jewish fathers. Americans, who have lived in North America for more than 300 years have become Americans and many have lostthe ability to read, write and understand the Hebrew language in which the story of Passover was first told in the Torah.
Passover is one of the many holidays Jewish People celebrate to help them remember the importance of G_d in their lives. We see the animals, the oceans, the rivers, the mountains, the rain, sun, the planets, the stars, and the people and ...
You Get What You Pay For – Less Coverage Means Lower Premium
Post number 5275
Posted on January 30, 2026 by Barry Zalma
See the video at and at
When Experts for Both Sides Agree That Two Causes Concur to Cause a Wall to Collapse Exclusion Applies
In Lido Hospitality, Inc. v. AIX Specialty Insurance Company, No. 1-24-1465, 2026 IL App (1st) 241465-U, Court of Appeals of Illinois (January 27, 2026) resolved the effect of an anti-concurrent cause exclusion to a loss with more than one cause.
Facts and Background
Lido Hospitality, Inc. operates the Lido Motel in Franklin Park, Illinois. In November 2020, a windstorm caused one of the motel’s brick veneer walls to collapse. At the time, Lido was insured under a policy issued by AIX Specialty Insurance Company which provided coverage for windstorm damage. However, the policy contained an exclusion for any loss or damage directly or indirectly resulting from ...
