Cyber Risk insurance
breaches & claims examples

Data breaches are occurring for a variety of reasons with some frequency.  Real life examples include:

Employee Error

An employee misplaced a client file somewhere between the office and an off-site meeting.  The file contained customer names, addresses, social security numbers and bank account information.  The company must notify the affected individuals and pay for credit monitoring;  identity theft cannot be ruled out.

An employee lost a laptop while traveling.  The laptop contained names, addresses, birth dates and social security numbers for company employees.  The company paid for one year of credit report monitoring to affected employees to mitigate future issues.

A woman looking for coupons in a large recycling bin found records containing social security numbers and medical histories.  The papers came from a local medical office, and included details about more than 60 patients, including drugs they were taking, and whether they were seeing psychiatrists.  The papers were tossed in a recycle bin by an employee with an otherwise long and stellar service record.  The incident constituted a breach of HIPAA and resulted in governmental fines against the medical office.

An employee of a private high school mistakenly distributed via e-mail the names, social security numbers, birthdates and medical information of students and faculty, creating a privacy breach. Overall, 1,250 individuals’ information was compromised.

A non-profit community action corporation printed two 1099 forms on one piece of paper. An employee was supposed to separate the forms and send each to its rightful owner;  but instead, the forms were sent as-is.  The mistake sent tax forms and social security numbers to unintended recipients:  approximately 50% of the landlords who work with the community action corporation received their forms along with the private information of the others.


Malicious or Criminal Activity

An international computer hacking group gained access electronically to the computerized cash registers of a restaurant chain and stole credit card information of 5,000 customers, starting a flood of fraudulent purchases around the world.

A business is hacked by a local teenager who steals social security numbers and bank account details from customer files.  He sells the information to an Internet website, which uses the information to create false identities for criminals to use. The business incurs notification and credit monitoring expenses;  and the legal expenses and damages from potential lawsuits could easily bring total costs into the hundreds of thousands of dollars.

A man sent an email with spyware to his ex-girlfriend, hoping to monitor what she did on her computer. She opened the email on her work computer, and over the course of 2 weeks, the spyware emailed the man more than a thousand screenshots of confidential data on 150 customers.  The business incurred notification and credit monitoring expenses for the affected customers.

An auto dealership was the target of identity thieves when 2 men broke into the dealership after hours, stealing files containing financial information for customer transactions, including credit reports, bank statements and social security numbers.  The thieves were eventually apprehended, but not before making illegal purchases with stolen identities of dealership customers.

A regional retailer contracted with a third party service provider. A burglar stole two laptops of the service provider containing the data of over 800,000 clients of the retailer. Under applicable notification laws, the retailer – not the service provider – was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5,000,000.

An employee learns that she may be terminated and in response steals names, addresses, social security numbers and other personal information from customer files.  She sold them to her cousin, who used the identities to fraudulently obtain credit cards.  The affected individuals filed suit against company for identity theft.

A U.S. based information technology company contracted with an overseas software vendor. The contracted vendor left certain “administrator” defaults on the company’s server and a “Hacker for Hire” was paid $20,000 to exploit the vulnerability. The hacker demanded an extortion payment otherwise he would post the records of millions of registered users on a blog available for all to see. The extortion expenses and extortion monies are expected to exceed $2,000,000.


Non-Breach Claims

A financial firm fell victim to criminals using the Zeus virus, and lost a significant sum of money from one of its bank accounts.  Hackers used the virus to steal the company’s online banking access information, and wired funds out of its bank account to a foreign bank account.  The money has not been recovered.

A virus is introduced, and shuts down an order processing systems causing damages to the insured company and its customers, resulting in both first and third party claims.
Data residing with a third party vendor is lost and no external backup is available.  The data can be replicated, but the cost to replace the data is significant.


Cyber Risk & Insurance Agents E&O

According to reports, back-up tapes with 1.7 million patient records from medical providers affiliated with a state university medical center were stolen from a service provider’s employee’s car.  The university incurred more than $3.0 million in costs associated with the breach, and litigation has ensued between the university, the service provider, and the service provider’s insurer.  It appears that no Cyber Risk Insurance was in place, and the insurance agent has been brought into the litigation for failing to provide Cyber Risk Insurance.

We have a unique approach for providing comprehensive and competitive Cyber Risk Insurance to you for your clients.  To find out how, and for additional information, sales collateral, applications and indication forms, and for expert assistance with Cyber Risk Insurance, please contact us.

Tennant Risk Services is a wholesale broker and underwriting manager providing professional liability insurance.  We offer a broad portfolio of Cyber Risk Insurance, Technology E&O and other Professional Liability products customized to meet the specific needs of your clients.  We will provide you with the experience, expertise and market access that you need and expect so you can successfully meet your clients’ insurance needs.

Put our Specialty Insurance Expertise to Work for You

Request More InformationRequest For Information

Get a Quote

Quick links, to help you get a quote

More Information

The application process is simple! More information at the following link

More Information
Work With Us

Interested in accessing Tennant Risk Services’ expertise and markets?

More Information

Tennant Risk Services
124 LaSalle Road
West Hartford, CT 06107
Phone: (860) 519-1301
Fax: (860) 216-5845

twitter logo