Global law firm Dentons Canada LLP is locked in a $1.7-millon dispute with its insurer after staff at the firm’s Vancouver office fell victim to an alleged social engineering attack.
Here is an extract from the article with a link to the full article below: "According to Ontario Superior Court Justice Carole Brown’s recent decision in Dentons Canada LLP v. Trisura Guarantee Insurance Company, an associate at the firm was duped into transferring $2.5 million intended to clear the mortgage on a client’s property into a fraudster’s Hong Kong bank account as part of an alleged “social engineering” fraud.
Although the law firm managed to recover around $800,000, it made a claim for its net loss under a computer fraud rider to its policy with Trisura. But the insurer refused to pay out, claiming that the incident was not covered because the transfer of funds itself was not fraudulent.
In addition, the insurer noted that Dentons had turned down the opportunity to add a social engineering fraud rider offered by Trisura, and claimed other exclusions in the policy applied.
That prompted the law firm to apply for a declaration that the insurer is in breach of its policy and has a duty to pay up. Brown’s decision came when Trisura moved to convert the application to an action, and Dentons responded by narrowing its application to call for an advisory opinion on the interpretation of the computer fraud rider. Her Dec. 11 ruling went in favour of Trisura.
“Determining the advisory question, at this juncture is not, in all circumstances, an expeditious or efficient use of judicial time and resources,” the judge wrote, noting that an action would deliver a full factual matrix, allowing the court to make a more comprehensive determination of the issues.
Nina Bombier, a partner at Lenczner Slaght Royce Smith Griffin LLP who acted for Dentons, says the court missed an opportunity to flesh out Canada’s extremely limited caselaw on coverage in the context of these types of fraud.
“In our view, it would have been more efficient to get an initial interpretation of the computer fraud rider, because if it isn’t broad enough to cover what happened here, then everything else ends,” she says. “There is a bit of caselaw around this issue in the U.S. which cuts both ways, so it would have been helpful to get some law here. It’s an important issue, because with cyber security issues, the fraudsters are getting more and more creative all the time.”
In the 2017 Alberta case of The Brick Warehouse L.P. v. Chubb Insurance Company of Canada, the retailer was denied coverage under its crime policy after falling for a similar scam, but Bombier insists the breadth of the language in Dentons’ policy means her clients should be covered.
Chris McKibbin, a partner at Blaney McMurtry LLP who acted for Trisura, declined an opportunity to comment. In a statement to Law Times, Dentons spokesperson Neetisha Seenundun said the firm has a training regime in place to deal with phishing attacks and cybersecurity.
“The training is updated and repeated annually. [emphasis added] Participation is mandatory by all Dentons partners and employees,” she wrote, noting that the content has been “adjusted to highlight the hallmarks of this kind of fraud.”
Well, apparently that did not work. This is why we stress the importance of new-school security awareness training which tests employees monthly to keep them on their toes with security top of mind.
Full story at LawTimesNews.