In an “extraordinary remedy” of a judgment from a year ago, a federal court judge in Minnesota reversed a decision that Target Corp. was not entitled to insurance coverage from Chubb for costs the retailer incurred to replace payment cards following a late 2013 data breach.
In a new order, U.S. District Judge Wilhelmina M. Wright said the court “erred in its prior judgment” and vacated the prior order in favor of ACE insurance companies (now Chubb).
“As a matter of policy, we do not comment on legal matters,” said a Chubb spokesperson in an emailed statement.
According to court documents, Chubb is “obligated to indemnify Target Corp. for settlement payments” Target made to end class-action litigation brought on behalf of a banks to recoup the costs of replacing credit cards after the 2013 breach of tens of millions of customer payment cards and personal identifiable information.
Target settled with banks for about $138 million, including $20 million in attorneys’ fees and then sought coverage from its general liability policies with Chubb, which denied the claim. The retailer then filed a suit against Chubb, but the court ruled Target “could not demonstrate its claim was related to the loss of use of tangible property that was not physically injured.” Target then filed a motion to have the court alter or amend the judgment.
In its latest interpretation of policy language, the court said Target met all criteria for coverage—specifically that Target was not seeking compensation for missing electronic data, which is excluded by the insurance policies, but instead it was looking to be paid for the loss of use of physical property that was not damaged.
The policies cover “loss of use,” but Target and Chubb disputed the meaning of the phrase, which is not defined in the policies, and no case law could be found “directly on point.” But Target introduced a “factually analogous loss” involving an online company and its insurer. The company’s spyware infected a consumer’s computer, which rendered it inoperable. An appeals court ruled the claims were within the scope of the policy language for “loss of use of tangible property that is not physically damaged.”
In this case, the court concluded cancellation of the payment cards following the Target breach rendered them inoperable and useless. The cards weren’t damaged, but they “could no longer serve their function” just as the consumer’s computer in the case used as guidance.
Once it was established that the cards were tangible property and that they were not physically damaged, the remaining argument regarding electronic data fell. “It is the use of the payment cards, not the use of electronic data, that was lost,” and the parties “do not dispute that the payment cards are ‘tangible property that is not physically injured,'” Wright wrote.
“The court now grants Target’s motion to alter or amend the judgment and corrects the error of law” in its previous order. The amount of the covered loss is to be determined, the court said.