Cyber Risk Coverage Claim Examples
Lost laptops, tossed paper files, disgruntled employees, hackers – these things can happen to anyone. The question is how much information do you have, and how much could it cost if that information is compromised? The average cost of a data breach is $158 per customer record compromised.
- An employee lost a laptop while traveling. The laptop contained names, addresses, birth dates and social security numbers for company employees. The company paid for one year of-credit report monitoring to affected employees to mitigate future issues.
- A woman looking for coupons in a large recycling bin found records containing social security numbers and medical histories. The papers came from a local medical office, and included details about more than 60 patients, including drugs they were taking, and whether they were seeing psychiatrists. The papers were tossed in a recycle bin by an employee with an otherwise long and stellar service record. The incident constituted a breach of HIPAA and resulted in governmental fines against the medical office.
- An employee of a private high school mistakenly distributed via e-mail the names, social security numbers, birthdates and medical information of students and faculty, creating a privacy breach. Overall, 1,250 individuals’ information was compromised.
- A non-profit community action corporation printed two 1099 forms on one piece of paper. An employee was supposed to separate the forms and send each to its rightful owner; but instead, the forms were sent as-is. The mistake sent tax forms and social security numbers to unintended recipients: approximately 50% of the landlords who work with the community action corporation received their forms along with the private information of the others.
Malicious or Criminal Activity
- Hackers used the Zeus virus to steal an escrow company’s online banking access information, and wired $440,000 out of an escrow account to a foreign bank account. The escrow company had to cover the stolen escrow monies to continue doing business, and unsuccessfully sued its bank for the amount lost. Particularly worrisome is the Zeus virus itself, which cannot be detected by most anti-virus software.
- An international computer hacking group gained access electronically to the computerized cash registers of a restaurant chain and stole credit card information of 5,000 customers, starting a flood of fraudulent purchases around the world.
- A man sent an email with spyware to his ex-girlfriend, hoping to monitor what she did on her computer. She opened the email on her work computer, and over the course of 2 weeks, the spyware emailed the man more than a thousand screenshots of confidential data on 150 customers. The business incurred notification and credit monitoring expenses for the affected customers.
- An auto dealership was the target of identity thieves when 2 men broke into the dealership after hours, stealing files containing financial information for customer transactions, including credit reports, bank statements and social security numbers. The thieves were eventually apprehended, but not before making illegal purchases with stolen identities of dealership customers.
- An employee learns that she may be terminated and in response steals names, addresses, social security numbers and other personal information from customer files. She sold them to her cousin, who used the identities to fraudulently obtain credit cards. The affected individuals filed suit against company for identity theft.