The court found that a fraudster's sending of an email was a "computer use" under the Computer Fraud Insuring Agreement (CFIA) of the policy. City of Unalaska v. Nat'l Union Fire Ins. Co., 2022 U.S. Dist. LEXIS 51387 (D. Alaska March 18, 2022).
The city of Unalaska received an email purportedly sent by one of the City's regular vendors, Northern Alaska Contractors (NAC). The email requested a copy of the City's "ACH/EFT" form in order to change its method of receiving payments for invoices from paper checks to electronic ACH transfers. The email was from a fraudster. A city employee emailed the ACH form to the fraudster and advised that even after receipt of the completed form, it would take at least ten days for the city to process the request before issuing payments. The fraudster returned the completed ACH form by email, designating a Citibank Account in New York as the new method for receiving payments. Once the transfer by ACH was ready, the city initiated several payments totalling $2,985,406.10 to the fraudster's account.
Several months later, the city discovered the fraud and reported it to the FBI. It was able to recover close to $2.35 million, resulting in a net loss of $637,861.67. The city submitted a claim for the loss to National Union, which accepted coverage under the Impersonation Fraud Coverage endorsement of the policy and paid the $100,000 polemic limits of that coverage. The city requested payment of the remaining loss of $537,861.67 under the CFIA, but National Union refused payment because the city's claim "did not directly involve the use of any computer to fraudulently cause a transfer of property from inside the premises to a person or place outside the premises."
The city sued and filed a motion for summary judgment. National Union filed a motion for judgment on the pleadings. Both parties agreed that the case presented an issued of first impression in Alaska.
The court found that a reasonable insured would expect coverage under the CFIA. By its plain language, the CFIA applied under these circumstances; the city experienced a loss of money resulting directly from the fraudster's use of a computer - sending an email impersonating the city's vendor - to fraudulently cause a transfer of funds from the city to the fraudster's bank account. The weight of relevant authority in other jurisdictions indicated that the CFIA provided coverage under these circumstances. Therefore, the city's motion was granted and National Union's motion was denied.