A hacker impersonated a client of the Insured, using an identical email address. The hacker emailed the
Insured advising that future payments should be made to a new bank account. When the Insured was due to pay the client, they paid $41,000 into the fraudulent account.
The Insured claimed against their Cyber policy which triggered the optional Social Engineering cover. Indemnity was granted for the direct financial loss suffered by the Insured.
The Insured uses a VoIP telephone system. A hacker gained access to the telephone system and made multiple unauthorised calls to a premium number over the course of a month. At the end of the month, the Insured received their invoice, which included $30,000 of unauthorised calls.
The Insured made a claim on their Cyber policy which triggered the optional Social Engineering cover. The client was covered for their direct financial loss as a result of the phreaking attack.
Real Estate Agent
The Insured’s emails were accessed by a hacker who posed as the Insured and sent multiple emails to the Insured’s bank instructing for funds to be transferred into the hackers bank account. When the Insured discovered that 3 unauthorised payments had been made totaling $3,000,000, they immediately contacted their bank to freeze the funds. The Insured was able to recover $2,800,000 of the unauthorised transactions.
The Insured notified the insurer who appointed lawyers and an IT forensic consultant to assist the Insured in repairing the damage to their system which was caused by the hacker. As the Insured had the optional Social Engineering cover under their policy, they were reimbursed for the direct financial loss of the $200,000 uncovered fraudulent transfers as well as their forensic and legal costs.
The Insurer then issued separate recovery proceedings against the fraudsters to recoup the amount of the loss along with the Insured’s deductible.
The Insured’s system, which held confidential medical information on their patients, was compromised by a ransomware attack. As the Insured could not access their patients’ medical data, they were unable to operate.
The Insured’s policy was triggered and DUAL appointed an IT Forensic Consultant to fix the damage to the Insured’s system and investigate if the hacker still had access to the system. A law firm was also appointed to assist the remediation process and advise if the client had to report the matter to the Privacy Commissioner. Payment was made in relation to business interruption loss, forensics and legal costs.
Not for Profit
The Insured engaged a third party supplier for assistance in marketing their organisation and gathering donors’ information; including names, emails and phone numbers. The Insured was advised that the third party supplier’s system was breached and data had been lost.
The Insured notified DUAL who appointed a law firm to advise in relation to the Insured’s privacy legislation obligations. The Insured did not have to report the incident to the Privacy Commissioner based on individual circumstances and the IT data they had available to them. Payment was made in relation to the legal costs.
Following the sale of 2 properties, the Insured was required to make a payment of $400,000 to their property consultant. On the day the payment was due, the Insured received an email from the consultant advising their banking details had changed.
The Insured requested that this be sent to them in writing on the consultant’s letterhead which they received, including the signature of the director of the consultancy company. The Insured was later chased by the consultant for payment at which time it was discovered that the email and letter had been fraudulent. The Insured contacted their bank to stop the payment and were informed that the money had already been withdrawn and transferred overseas.
The Insured made a claim on their Cyber policy which triggered the optional Social Engineering cover. DUAL appointed an IT forensic consultant who identified that the hacker had infiltrated the consultants system and intercepted correspondence between the Insured and the consultancy firm. The Insured was reimbursed for the outstanding funds (capped at the Social Engineering sub limit of $250,000).