MINNESOTA, May 20 – The U.S. Court of Appeals for the Eighth Circuit Court has ruled that the State Bank of Bellingham was covered for losses caused by an unauthorized wire transfer by hackers. The Bank sough coverage under a financial institution bond underwritten by BancInsure, Inc. for a transfer of nearly $500,000.00 to a foreign bank account. The bond is treated as an insurance policy under Minnesota state law.
According to the opinion, the unauthorized transfer occurred when a bank employee, using an electronic token, password, and passphrase as well as those of another bank employee, executed an authorized wire transfer but left the tokens “open” on an operating computer following completion of the transaction. The following day, two unauthorized transfers were discovered, only one of which the Bank was able to reverse. A forensic investigation of the breach revealed that a computer virus created a breach in access which permitted the fraudulent transfers.
A federal district court ruled that the computer fraud was the legal cause of the loss, not the bank employees’ breach of bank policies and practices regarding the use of confidential passwords, or failure to update antivirus software. The appeals court affirmed the ruling in favor of coverage, and held that while other possible factors may have “played an essential role” in the loss, they did not make the unauthorized transfers “certain” or “inevitable” such that there would be no coverage under the bond.
State Bank v. BancInsure, Inc., 2016 U.S. App. LEXIS 9235 (8th Cir. Minn. May 20, 2016)