In Star Title Partners of Palm Harbor LLC v. Illinois Union Insurance Co., the Eleventh Circuit Court of Appeals affirmed judgment for the insurer and held that coverage did not exist under the plain language of a cybersecurity policy’s cybercrime endorsement for a Florida title company that was fraudulently induced to wire funds to the account of a fraudster impersonating a mortgage lender.

In summer 2019, Star Title was hired by a homeowner to facilitate the sale of his home. The homeowner identified Capital Mortgage Services of Texas as his mortgage lender and lienholder. Shortly thereafter, Star Title’s designated processor for the sale received an email from an unknown actor purporting to be a Capital Mortgage representative named “Kaitlyn Holt” with a copy of the requested payoff statement and instructions on transferring payoff funds. Star Title also received a second copy of the payoff statement via fax, which matched the email statement. With no suspicion of fraud, the designated processor initiated payment on what she believed to be an authentic payoff statement. Another employee approved the payment as part of Star Title’s two-person authentication protocol, and subsequently, Star Title transferred approximately $181,000 to the fraudster’s account.

Upon notice that Capital Mortgage had not received payment, Star Title discovered that the wire information received via email and fax was incorrect and submitted a claim to Illinois Union Insurance Co. under the cybercrime endorsement of its policy, which provides, in relevant part:

We will pay for Your loss of Funds resulting directly from Your having transferred, paid or delivered any Funds from Your Account as the direct result of an intentional misleading of Your employee, through a misrepresentation of a material fact (“Deceptive  Transfer”) which is:

1. relied upon by an employee, and
2. sent via a telephone call, email, text, instant message, social media related communication, or any other electronic instruction, including a phishing, spearphishing, social engineering, pretexting, diversion, or other confidence scheme, and,
3. sent by a person purporting to be an employee, customer, client or vendor; and,
4. the authenticity of such transfer request is verified in accordance with Your internal procedures.

In response to Star Title’s claim, Illinois Union denied coverage because the claim did not satisfy the last two elements: (1) Capital Mortgage was not an employee, customer, client, or vendor of Star Title; and (2) Star Title did not attempt to verify the authenticity of the transfer request according to its internal procedures.

The Eleventh Circuit interpreted the policy language according to its plain meaning absent policy definitions for “employee,” “customer,” “client,” and “vendor.” According to the court, because the fraudster identified herself as a representative of Capital Mortgage, which is a mortgage lender, she could not be an employee, customer, client, or vendor of Star Title. The Eleventh Circuit noted that Star Title did not “control [Capital Mortgage’s] work performance,” “sell [Capital Mortgage] any particular product,” or “provide it any particular service.” While Star Title asserted that it provided a service to Capital Mortgage by holding and delivering the payoff funds and that Capital Mortgage likewise provided a service to Star Title by applying the funds to the seller’s account, the court remained unconvinced. Rather, the Eleventh Circuit found that although Capital Mortgage and Star Title shared a client, i.e., the seller of the residential home, such a relationship did not create a client-vendor relationship between the two. Accordingly, the court affirmed summary judgment because the policy language did not provide coverage for this instance of fraudulent transfer.