Notepad: Risk in Review – April

Morgan O'Rourke


April 2, 2018

NRA Faces Boycotts After Parkland Shooting

NRA protest parkland shootingAmid pressure from gun control advocates in the wake of the Feb. 14 shooting at Marjory Stoneman Douglas High School in Parkland, Florida, a number of companies cut ties with the National Rifle Association. Avis, United Airlines, Best Western, MetLife, Symantec and others announced they would discontinue various affiliate programs that offered discounts to NRA members. Chubb also said that it would no longer offer NRA-branded personal liability insurance that provided coverage for gun owners facing legal and other costs related to self-defense shootings (although the insurer did say that the decision to end the program was made months earlier). Meanwhile, retailers like Walmart, Dick’s Sporting Goods and Kroger announced that they would no longer sell guns to anyone under 21. After ending its own NRA discount program, Delta Airlines faced immediate blowback from its decision when Georgia lawmakers killed a proposed tax break on jet fuel that would have been worth an estimated $38 million to the Atlanta-based company. In response, officials from states including New York, Virginia, Washington and Ohio invited the airline to move its headquarters to their state. Seventeen students and teachers were killed in the Stoneman Douglas massacre, the deadliest school shooting in the United States since 26 were killed at Sandy Hook Elementary School in 2012.

Chubb Denies Coverage to Harvey Weinstein

harvey weinstein chubb insuranceIn February, Chubb filed a suit in New York seeking a declaratory judgment that personal liability policies issued to disgraced Hollywood producer Harvey Weinstein do not provide coverage for defense costs and damages arising from the sexual assault and sexual harassment lawsuits he is facing. “The policies define an ‘occurrence’ in whole or part as an ‘accident’ or as an ‘accident or offense.’ The underlying lawsuits allege that the claimed damages arose out of Mr. Weinstein’s ongoing and pervasive, and allegedly criminal, acts of premeditated, forcible, nonconsensual sexual and physical assault, physical threats and abuse in the context of Weinstein’s invitation to his victims to discuss potential acting or producing roles in the film industry,” the suit explains. “Chubb advised Mr. Weinstein that such egregious, intentional acts by Mr. Weinstein do not constitute an ‘accident’ or an ‘offense.’” The insurer also stated that the policies in question contain exclusions for “intentional acts,” “molestation, misconduct or abuse,” “discrimination,” “director’s liability,” and “business pursuits.” In addition, New York public policy prohibits insurance coverage for intentional wrongful acts.

Equifax Identifies 2.4 Million Additional Data Breach Victims

An ongoing forensic investigation revealed that an additional 2.4 million Americans had their personal information exposed in last year’s Equifax data breach, bringing the total number of U.S. victims to a record 147.9 million. Equifax said only the names and partial driver’s license information of these consumers were stolen, and since investigators were initially focusing on compromised Social Security numbers, they overlooked this group. “This is not about newly discovered stolen data,” said interim Equifax CEO Paulino do Rego Barros, Jr. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.” As it did with the original victims, Equifax will notify these consumers directly and offer them free identity theft protection and credit monitoring services. The credit rating company has projected that costs related to the breach will reach $439 million by the end of this year. It also faces hundreds of class action lawsuits and is under investigation by the Federal Trade Commission and all 50 state attorneys general.

Hackers Hijack Computers to Mine Cryptocurrency

crypto mining cryptojackingWith bitcoin and other cryptocurrencies going up in value, hackers are increasingly resorting to illicit methods to mine for the digital coins. In a practice known as “cryptojacking,” attackers install malware on computers and mobile devices that allows them to secretly use the device’s processing power to perform the complex functions necessary to create units of cryptocurrency. These resource-intensive operations consume large amounts of electricity and can compromise the functionality of the victim’s system. In February alone, researchers discovered a cryptojacking campaign that had impacted more than 4,000 websites, including some U.S. and U.K. government pages, while another targeted millions of Android devices. Critical infrastructure security firm Radiflow also discovered cryptocurrency mining malware in the operational network of a European water utility that it said had a “significant impact” on systems.

SEC Issues Guidance on Cybersecurity Disclosures

sec cybersecurityThe U.S. Securities and Exchange Commission recently issued new guidance to public companies on how they should prepare disclosures about cybersecurity risks and incidents. Among their recommendations, the commission suggested that companies should be prepared to inform investors not only of material cybersecurity risks and incidents, but the range of harm that a cyber incident might cause to a company, including impacts to its “reputation, financial performance, and customer and vendor relationships, as well as the possibility of litigation or regulatory investigations or actions, including regulatory actions by state and federal governmental authorities and non-U.S. authorities.” Companies also need to put controls and procedures in place to ensure disclosure is timely and accurate, as well as take steps to prevent insider trading by directors, officers and other personnel who become aware of cybersecurity incidents before public disclosure.


Morgan O’Rourke is editor in chief of Risk Management and director of publications for the Risk & Insurance Management Society, Inc. (RIMS)