Insurer Sues Michaels Over Breach Expenses

Seeks to Avoid Covering Lawsuit Costs
Insurer Sues Michaels Over Breach Expenses

An insurance company that provided general liability coverage to Michaels Stores is asking a court to rule that it's not responsible for covering any of the retailer's breach-related lawsuit expenses.

See Also: Deception-Based Threat Detection: Shifting Power to the Defenders

Safety National Casualty Corp. has filed a lawsuit against Michaels, which faces a consolidated class action lawsuit in the wake of a recent data breach that potentially exposed 3 million payment cards.

The insurance company issued Michaels a commercial general liability insurance policy that was in effect from June 1, 2013 to June 1, 2014, the lawsuit says. The policy covers Michaels for payments it's obligated to pay due to damages because of "bodily injury" or "property damage," according to the insurer's lawsuit

Michaels requested that Safety National Casualty Corp. provide Michaels with coverage of claims in the breach lawsuit, the insurer says.

"Safety National informed Michaels because the claims in the class action lawsuits pertaining to the security breach do not allege 'bodily injury' or 'property damage' or 'personal or advertising injury,' there is no coverage under the policy for the claims asserted in the class action lawsuits, based upon information provided and available to Safety National," the lawsuit says.

In the breach-related lawsuit against Michaels, plaintiffs are seeking compensation for denial of privacy protections they paid for and were entitled to receive resulting in overpayment for products purchased from Michaels, unauthorized charges and related bank fees they incurred, costs associated with identity theft, and the value of time plaintiffs were forced to expend to monitor their financial accounts as a result of the security breach.

The insurance company is asking the court to rule that it has no duty to cover the costs stemming from the consolidated class action lawsuit against Michaels or any other similar breach-related lawsuits.

A spokesperson for Michaels tells Information Security Media Group that the retailer has a separate cyber-insurance policy. She declined to comment on the pending litigation.

Data Breach

Michaels confirmed on April 17 its stores were hit by a data breach that potentially compromised account information for 3 million payment cards.

The breach, which involved "criminals using highly sophisticated malware," potentially affected about 2.6 million cards used at Michaels stores from May 8, 2013, through Jan. 27, 2014, the retailer says. The malware attack also affected Michaels' Aaron Brothers stores, where approximately 400,000 cards were potentially affected from June 26, 2013, through Feb. 27, 2014, the company said in an April 17 statement.

Michaels says breached systems contained certain payment card information, such as payment card numbers and expiration dates, for its customers. The retailer acknowledges it has received a limited number of reports from the payment card brands and banks of fraudulent use of cards potentially connected to use at Michaels or Aaron Brothers stores.

Impacted customers are being offered a year's worth of free credit monitoring and fraud assistance services.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.