The Illinois regulator is seeking money from insurance companies that are lost in phishing systems

The Illinois Insurance Department filed a lawsuit against entities in Hartford Financial Services Group Inc. and Munich Re on Monday, claiming the recovery of $ 3.98 million stolen from a phishing system.

The case concerns the Illinois branch’s bankruptcy law for two car insurance companies, commercial car insurance companies Gateway Insurance Co. and personal car insurers, Affirmative Insurance Co., which went into liquidation in June 2020 and March 2016, respectively, according to the complaint filed in the U.S. District Court in Chicago in The office for the special assistant recipient and others v. Hartford Fire Insurance Co. and HSB Specialty Insurance Co.

According to the complaint, in June and July 2021

, the e-mail from the department’s office of the deputy specialty recipient’s CFO was broken, with new rules set up so that hackers could bypass the CFO and his e-mail inbox and answer any questions OSD staff had about interaction with monetary bank transfer.

The system resulted in eight fraudulent bank transfers, totaling $ 6.85 million, of which the OSD bank was able to recover approximately $ 2.87 million, leaving an estimated $ 3.98 million in lost OSD custodian funds.

Hartford had issued a bond to the “Financial Institution of Insurance Companies” in May 2021 which provided fraud protection for computer systems with a one-time loss limit of $ 5 million and a deductible of $ 50,000 for one-time loss, and “coverage for electronic mail transfer fraud” which provided $ 250,000 simple and total loss liability limit and a deductible of $ 50,000 for simple loss. The bond had a total debt limit of $ 5 million. Hartford denied coverage during the bond.

HSB Specialty, a unit of Munich Re’s Hartford Steam Boiler Inspection and Insurance Co., issued a 2021 cyber policy that provided, among other things, social engineering and computer fraud insurance, both of which had a $ 250,000 limit on liability subject to $ 50,000 retention. The policy had a total limit of $ 5 million.

HSB Specialty paid $ 250,000 in social engineering but denied coverage of computer fraud.

A spokesman for Hartford Steam had no comment and Hartford did not respond to a request for comment.

A report published in May says that phishing attacks used for first-time access to corporate computer systems increased by more than half during the first quarter compared to the fourth quarter of last year.