Thompson Coe Prevails in $28M Cyber Suit Arising From National Retailer Data Breach

Thompson Coe lawyers successfully obtained judgment on behalf of a client, prevailing on cross-motions for summary judgment, in a lawsuit seeking insurance coverage for $28 million in damages arising from a nationwide data breach.  A national retailer sought coverage under multiple commercial general liability policies issued by Thompson Coe’s client for significant monetary damages assessed by issuing banks against the retailer’s payment card processor after consumer payment information was stolen during a data breach.  In an underlying lawsuit against the retailer, the payment processor alleged that the retailer contractually assumed liability for these damages.  The retailer, in turn, sought coverage for these damages from its insurer, asserting that the damages are for “personal and advertising injury,” which the policies define to include injury arising out of “oral or written publication, in any manner, of material that violates a person’s right of privacy.”

In ruling on the retailer’s and the insurer’s cross-motions for summary judgments, Judge Keith P. Ellison, United States District Judge for the Southern District of Texas, found that the damages were not for “personal and advertising injury” because the retailer failed to identify a single case in which theft of data by a third party was considered a “publication,” and the Court declined to hold otherwise.  The Court also found that the damages in question are not “privacy” damages because the retailer was not sued by the consumers whose data was stolen, but rather by the payment processor for the retailer’s alleged breach of contract.

The case is Landry’s Inc. v. The Insurance Company of the State of Pennsylvania.