Insurer Sues Michaels Over Breach ExpensesSeeks to Avoid Covering Lawsuit Costs
An insurance company that provided general liability coverage to Michaels Stores is asking a court to rule that it's not responsible for covering any of the retailer's breach-related lawsuit expenses.
Safety National Casualty Corp. has filed a lawsuit against Michaels, which faces a consolidated class action lawsuit in the wake of a recent data breach that potentially exposed 3 million payment cards.
The insurance company issued Michaels a commercial general liability insurance policy that was in effect from June 1, 2013 to June 1, 2014, the lawsuit says. The policy covers Michaels for payments it's obligated to pay due to damages because of "bodily injury" or "property damage," according to the insurer's lawsuit
Michaels requested that Safety National Casualty Corp. provide Michaels with coverage of claims in the breach lawsuit, the insurer says.
"Safety National informed Michaels because the claims in the class action lawsuits pertaining to the security breach do not allege 'bodily injury' or 'property damage' or 'personal or advertising injury,' there is no coverage under the policy for the claims asserted in the class action lawsuits, based upon information provided and available to Safety National," the lawsuit says.
In the breach-related lawsuit against Michaels, plaintiffs are seeking compensation for denial of privacy protections they paid for and were entitled to receive resulting in overpayment for products purchased from Michaels, unauthorized charges and related bank fees they incurred, costs associated with identity theft, and the value of time plaintiffs were forced to expend to monitor their financial accounts as a result of the security breach.
The insurance company is asking the court to rule that it has no duty to cover the costs stemming from the consolidated class action lawsuit against Michaels or any other similar breach-related lawsuits.
A spokesperson for Michaels tells Information Security Media Group that the retailer has a separate cyber-insurance policy. She declined to comment on the pending litigation.
Michaels confirmed on April 17 its stores were hit by a data breach that potentially compromised account information for 3 million payment cards.
The breach, which involved "criminals using highly sophisticated malware," potentially affected about 2.6 million cards used at Michaels stores from May 8, 2013, through Jan. 27, 2014, the retailer says. The malware attack also affected Michaels' Aaron Brothers stores, where approximately 400,000 cards were potentially affected from June 26, 2013, through Feb. 27, 2014, the company said in an April 17 statement.
Michaels says breached systems contained certain payment card information, such as payment card numbers and expiration dates, for its customers. The retailer acknowledges it has received a limited number of reports from the payment card brands and banks of fraudulent use of cards potentially connected to use at Michaels or Aaron Brothers stores.
Impacted customers are being offered a year's worth of free credit monitoring and fraud assistance services.