Judy Greenwald reports:
A federal appeals court reversed a lower court Wednesday and ruled an American International Group Inc. unit is obligated to defend a retailer in connection with a data breach.
Houston-based Landry’s Inc., which operates retail properties including restaurants, hotels and casinos, discovered a data breach that occurred between May 2014 and December 2015 that involved the unauthorized installation of a program on its payment processing devices, according to Wednesday’s ruling by the 5th U.S. Circuit Court of Appeals in New Orleans in Landry’s Inc. v. The Insurance Co. of the State of Pennsylvania.
Over about a year-and-a-half, the program retrieved personal information from millions of credit cards and at least some of that information was used to make unauthorized charges, the ruling said.
Read more on Business Insurance about why the panel reversed the lower court decision. It reminds us yet again that the language of policies and exclusions may not be as clear as we need them to be until it may be too late. In this case, the insured has prevailed (for now, at least), but it might have gone the other way and they would have been left without representation by their insurer.