7/6/26

By: Jacob Berlinger
A single compromised email account can trigger millions of dollars in losses. But does that necessarily mean insurance coverage follows? In Office of the Special Deputy Receiver v. Hartford Fire Insurance Company, the Seventh Circuit addressed that question in the context of a phishing scheme that allowed fraudsters to impersonate a senior executive and direct unauthorized fund transfers. The decision provides an important look at how courts analyze competing coverage grants and exclusions in claims arising from email-based fraud.
The hack
Hackers used a spear‑phishing scheme to gain access to the CFO of the Office of the Special Deputy Receiver’s (OSD) email. Once inside, they impersonated the CFO and sent emails to other employees directing them to transfer funds outside the Office. Employees followed the instructions, resulting in millions of dollars in losses.
The policy
The Policy contained two key riders: Rider 13 covered computer fraud and Rider 17 covered narrowly defined email-initiated transfer fraud. Specifically, Rider 17 provided limited coverage for fraudulent emails appearing to come from specified external sources, but it also contained an exclusion barring losses resulting from fraudulent instructions “sent to” OSD unless that narrow coverage applied.
Hartford denied OSD’s claim on the ground that the phishing emails did not meet the affirmative coverage requirements and instead fell squarely within this exclusion.
The district court agreed with Hartford’s interpretation and dismissed OSD’s claims against Hartford.
The appeal
On appeal, OSD challenged the district court’s dismissal of its complaint, arguing that its loss should be covered under the policy’s computer fraud provision (Rider 13) and that the email fraud exclusion in Rider 17 either did not apply or created ambiguity when read alongside that coverage.
The court focused on whether the fraudulent emails qualified as a “fraudulent instruction sent to” OSD within the meaning of the exclusion. If yes, the Rider 17 exclusion applies.
The court held that they did. It reasoned that the policy language unambiguously looks to the recipient of the message, not the sender, and the emails were plainly sent to OSD employees even if they originated from an internal account. Because the emails contained fraudulent instructions and were sent to OSD, the exclusion applied, and the fact that the fraud involved hacking or internal impersonation did not take it outside the exclusion’s scope.
Accordingly, the Seventh Circuit affirmed the dismissal, concluding that the loss was not covered under the policy as a matter of law.
For more information on this topic, please contact Jacob Berlinger or your local FMG attorney.
Information conveyed herein should not be construed as legal advice or represent any specific or binding policy or procedure of any organization. Information provided is for educational purposes only. These materials are written in a general format and not intended to be advice applicable to any specific circumstance. Legal opinions may vary when based on subtle factual distinctions. All rights reserved. No part of this presentation may be reproduced, published or posted without the written permission of Freeman Mathis & Gary, LLP.
Share
Save Print