Lyle Adriano reports that some of P.F. Chang’s breach-related costs are not covered by its insurance:
A federal court ruled that Chubb Ltd. does not have to reimburse P.F. Chang’s for costs the restaurant chain charged by its credit card processor under its cyber policy.
[…]
The Federal Court ultimately concluded that on several counts that Federal Insurance is not obligated to reimburse the charges, rationalizing that Bank of America did not suffer from P.F. Chang’s data breach and therefore did not suffer a “privacy injury” the policy could cover.
“The court agrees with Federal; (Bank of America) did not sustain a privacy Injury itself, and therefore cannot maintain a valid claim for injury against Chang’s,” said the ruling.
Read more on Insurance Business America.
When I see stories like this one, I feel particularly concerned for small and medium-sized businesses who really may have no idea what their policies don’t cover and could be totally wiped out by the costs of a breach if their insurer doesn’t cover some things. If you carry cyberinsurance for breach costs, do you know if your policy would cover reimbursement to your card issuer? If you don’t know for absolute sure, this might be a good time to check.