Computer Fraud Claim Triggers Insurer’s Duty to Pay Defense Costs Despite “Gravamen” of Litigation Involving Excluded Misappropriation Claims

The Superior Court of the State of Delaware, applying Delaware and Kansas law, has held that an insurer owed a duty to pay defense costs under a directors and officers liability policy for a lawsuit primarily alleging the misappropriation of trade secrets, despite a misappropriation exclusion, on the basis that the underlying complaint asserted a claim alleging computer fraud not excluded by the policy.  WoodSpring Hotels LLC v. Nat’l Union Fire Ins. Co. of Pittsburgh, PA, Case No. N17C-09-274 (Del. Super. Ct., May 2, 2018).

The insureds, an extended stay hotel and one of its employees, were sued by the employee’s former employer, which alleged that the employee stole a customer database of detailed information regarding corporate customers when she left the company.  The “gravamen” of the lawsuit involved claims based on the employee’s alleged theft and misappropriation of trade secrets.  However, the lawsuit also stated one count for violation of the Computer Fraud and Abuse Act (CFAA) alleging unlawful access to the company’s computer system to copy its information.

The insureds tendered the lawsuit under a directors and officers liability policy.  The carrier denied coverage on the basis of a misappropriation exclusion, which barred coverage for any actual or alleged misappropriation of a “trade secret.”

In resulting coverage litigation, the court held that the “gravamen” of the action was the misappropriation of a customer database, which, as alleged, would constitute “trade secrets.”  However, despite the misappropriation exclusion, the court held that the CFAA count triggered the insurer’s duty to pay defense costs for the lawsuit.  The court reasoned that under Delaware law, an insurer is required to “defend the entire action even if only one count or theory of liability potentially lies within the coverage” and predicted that Kansas would follow the same approach.

The court held that a violation of the CFAA turns on fraudulently obtaining “anything of value” through the unauthorized access of a computer, and does not require that the item of value be “a trade secret or even confidential.”  The court found that while the “item of value” in the underlying action plausibly included a trade secret, the insurer did not undertake an investigation to determine what the accessed information actually entailed.

Categories

Wiley Executive Summary

Sign up for updates

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek