How does it apply in a case involving the ransomware payment from a cryptocurrency account?
Proximate cause, which refers to the closest/first cause of an accident, is a basic principle of insurance. There are several classic examples of how proximate cause works. Recently, a case involving cryptocurrency was decided based on the principle of proximate cause.
First, let’s look at a couple of classic examples of proximate cause. The first concerns fire insurance.
It’s often necessary to identify the proximate cause if the loss can be attributed to more than one cause. Let’s assume there’s a warehouse fire that occurred shortly after an earthquake. Investigators determine that the reason for the fire was the damage caused by shocks from the earthquake to the electrical meter on the premises.
Most property insurance policies from insurance companies specifically exclude the peril of earthquake. And since it’s the proximate cause of the fire, there would be no coverage for the fire under the warehouse’s property policy.
Another classic example of proximate cause involves accident insurance. Say a man who owns a simple accident policy is walking down the street and gets hit by a car. Of course, the man’s injuries were caused the car that hit him. But was the car the proximate cause?
What if it turned out that the man had suffered a heart attack just before the car drove by and the man fell into the road and was then struck by the car? His heart attack would be the proximate cause of his loss. Depending on how limited his accident insurance policy was written his claim may be denied.
Now let’s look at the cryptocurrency case. A federal district court in Portland, Oregon, has ruled that Yoshida Foods International, a beverages and sauces manufacturer, is entitled to reimbursement for the ransom its president paid from his own cryptocurrency account.
The package policy purchased by Yoshida from Chubb Corporation included fraud coverage as a crime coverage feature. A hacker demanded a ransom payment in exchange for decryption keys needed to restore Yoshida’s data files. Junki Yoshida, the company’s president, paid the hacker $107,074.30 from his personal cryptocurrency funds. After filing a claim, the company reimbursed him.
Chubb denied coverage for the fraud claim. They argued that the only loss sustained by Yoshida Foods was the reimbursement payment it made to Mr. Yoshida, who was not personally insured under the policy. There was no direct loss to the policyholder, Yoshida Foods, said Chubb.
Yoshida brought suit against Chubb to cover the claim and the court ruled against Chubb.
“Both the ransom payment made by Mr. Yoshida and the reimbursement of that amount by Plaintiff was proximately caused by the hacker’s computer violation directed against Plaintiff’s computer system,” the ruling said.
“There was no intervening occurrence between the ransomware attacks, the ransom payment, and the reimbursement to Mr. Yoshida, which were all part of an unbroken sequence of events. Plaintiffs’ reimbursement of the $107,074.20 was a foreseeable result of the attack.”
It didn’t matter, said the court, whether the ransom was paid directly by the company or by its president, the act committed by the hacker fit the definition of a loss under the policy. The president’s role as intermediary was “irrelevant.”
For more information on proximate cause in insurance or other services, contact us today.