Back to the Library
In October 2014, a district court in Pennsylvania held that an insurer could not avoid indemnifying its insured, a bank, for a payment it made to reimburse a depositor that was robbed as a result of computer hacking. First Commonwealth Bank v. St. Paul Mercury Ins. Co., 2:14-cv-00019, 2014 U.S. Dist. LEXIS 141538 (W.D.Pa. Oct. 6, 2014). The case is significant because it demonstrates that insurance coverage is available when the insured is complying with the law governing its obligations in response to a computer hacking event, despite that the insurer has not granted its consent to the insured’s actions.