March
2016
New York Appellate Division Denies Coverage for Data Breach Under Business Owner’s Policy with Electronic Data Exclusion
In RVST Holdings, LLC, et al. v. Main Street America Assurance Company, No. 521419, 2016 WL 634611 (N.Y.A.D. 3 Dept.), February 18, 2016), an intermediate appellate court in New York found no coverage for a data breach under a Business Owner’s policy containing an electronic data exclusion. A chain of fast food restaurants was hacked and credit card information was stolen and used. A bank sustained damages for reimbursing fraudulent charges and sued the chain for negligently failing to safeguard the information. The chain made a claim for indemnity and defense under its Business Owner’s policy. The insurer denied, and after losing in the lower court, prevailed at the Appellate Division.
The insurer relied on policy language that defined “property damage” as “physical injury to tangible property,” and further provided that “electronic data is not tangible property.” Also, the policy specifically excluded “damages arising out of the loss of . . . electronic data.” Finding this language unambiguous, the Appellate Court found there was no coverage and hence no duty to defend. The Court also found that the separate section of the policy providing coverage for property damage consisting of “direct physical loss of or damage to” the insured’s own property did not apply to third-party claims.