The insured's Computer Fraud policy failed to provide coverage for a fraudulent email scheme based upon an exclusion barring coverage where an authorized person entered the insured's computer system. Aqua Star Untied States Corp. v. Travelers Cas. & Sur. Co. of Am., 2018 US. App. LEXIS 9660 (9th Cir. April 17, 2018).
Employees of Aqua Stare were manipulated into wiring more than $700,000 to overseas bank accounts controlled by the criminal. The criminal posed as one of the company's seafood vendors, who used emails that were manipulated to appear as though they were sent by the vendor. Coverage was sought under the policy issued by Travelers, but coverage was denied.
Exclusion G provided the policy "will not apply to loss or damages resulting directly or indirectly from the input of Electronic Data by a natural person having the authority to enter the Insured's Computer System . . ." Aqua Star's losses resulted from employees authorized to enter its computer system changing wiring information and sending four payments to a criminal's account. These employees "ha[d] the authority to enter" Aqua Star's system when they "input" Electronic Data on Aqua Star's computers, to change the wiring information and authorize the four wires. Therefore, their conduct fit squarely within the exclusion and there was not coverage.
The decision of the district court granting summary judgment to Travelers was therefore affirmed.