Cyber, Retail
Retailer
16 staff
$5M turnover
Payment: $7,500
Background
The Insured received an invoice, purportedly from a known supplier, requesting payment for an outstanding debt. The Insured transferred $27,000 in accordance with the email instructions. The next week the Insured discovered that the email was fraudulent and payment had been made to a hacker.
Outcome
As the Insured did not have the optional Social Engineering cover under their policy, they were unable to claim for the direct financial loss suffered as a result of making the fraudulent payment. The Insured was able to claim for remediation costs in relation to the attack, given there was a threatened Network Security Event.
Payment: $7,500
Cyber
Accountant
5 staff
$2M turnover
Payment: $90,000
Background
The Insured’s director noticed that some documents on their server had been deleted. Further investigations were undertaken and it was discovered a hacker had been accessing the Insured’s system for the past 2 months.
Outcome
The Insured notified the insurer who hired an IT Forensic Consultant to review the Insured’s systems. It was discovered 800 client files had been accessed which included private details such as driver’s licenses and passport numbers. The insurer appointed a specialist firm to monitor whether any client identities were stolen or sold as well as a law firm to advise on the data breach issues and draft a notification letter to all affected parties. It was determined that the Insured had to report the incident to the Privacy Commissioner and the appropriate steps were taken to secure the information they held. Remediation costs were also covered to rectify any issues with the Insured’s system.
Payment: $90,000
Cyber
Media
12 staff
$3M turnover
Payment: $41,000
Background
A hacker impersonated a client of the Insured, using an identical email address. The hacker emailed the
Insured advising that future payments should be made to a new bank account. When the Insured was due to pay the client, they paid $41,000 into the fraudulent account.
Outcome
The Insured claimed against their Cyber policy which triggered the optional Social Engineering cover. Indemnity was granted for the direct financial loss suffered by the Insured.
Payment: $41,000
Cyber, Hairdresser
Hairdresser
5 staff
$3M turnover
Background
The Insured uses a VoIP telephone system. A hacker gained access to the telephone system and made multiple unauthorised calls to a premium number over the course of a month. At the end of the month, the Insured received their invoice, which included $30,000 of unauthorised calls.
Outcome
The Insured made a claim on their Cyber policy which triggered the optional Social Engineering cover. The client was covered for their direct financial loss as a result of the phreaking attack.
Payment: $30,000
Cyber, Real Estate
Real Estate Agent
7 staff
$33M turnover
Payment: $230,000
Background
The Insured’s emails were accessed by a hacker who posed as the Insured and sent multiple emails to the Insured’s bank instructing for funds to be transferred into the hackers bank account. When the Insured discovered that 3 unauthorised payments had been made totaling $3,000,000, they immediately contacted their bank to freeze the funds. The Insured was able to recover $2,800,000 of the unauthorised transactions.
Outcome
The Insured notified the insurer who appointed lawyers and an IT forensic consultant to assist the Insured in repairing the damage to their system which was caused by the hacker. As the Insured had the optional Social Engineering cover under their policy, they were reimbursed for the direct financial loss of the $200,000 uncovered fraudulent transfers as well as their forensic and legal costs.
Payment: $230,000
The Insurer then issued separate recovery proceedings against the fraudsters to recoup the amount of the loss along with the Insured’s deductible.
Cyber, Medical Services
Medical Services
6 staff
$3.2M turnover
Background
The Insured’s system, which held confidential medical information on their patients, was compromised by a ransomware attack. As the Insured could not access their patients’ medical data, they were unable to operate.
Outcome
The Insured’s policy was triggered and DUAL appointed an IT Forensic Consultant to fix the damage to the Insured’s system and investigate if the hacker still had access to the system. A law firm was also appointed to assist the remediation process and advise if the client had to report the matter to the Privacy Commissioner. Payment was made in relation to business interruption loss, forensics and legal costs.
Payment: $63,000
