Eleventh Circuit Case Alert: Email Scam is Covered Loss

11th Circuit is Third Appellate Court to Uphold Coverage for Email Scam

On Monday, December 9, 2019, the Eleventh Circuit ruled that Ironshore Indemnity Co. must provide commercial crime coverage for a $1.7 million email scam loss by its insured Principle Solutions Group LLC, an Atlanta-based IT company. The decision upholding a Georgia federal court’s verdict was the third ruling by an appellate court affirming rulings by lower courts that crime policies must cover social engineering (email based) scams. Last year, similar decisions were reached by the Second and Sixth Circuits.


In July 2015, an employee of Principle Solutions Group, Loann Lien, received a fraudulent email that appeared to be from her boss, Josh Nazarian, stating that the company was making an acquisition and instructing her to work with Mark Leach, an attorney, to make a wire transfer the same day. Upon receipt of the email, according to court documents, Lien called “Leach” and received the wire transfer instructions that resulted in a loss of $1.72 million to the IT company. The scammer was never caught, according to court documents.

Ironshore originally rejected Principle’s claim because it contended that the initial email did not provide wire transfer instructions, stating its policy provision required losses to be a direct result of fraudulent instructions. Principle’s position was that the original email set the disastrous chain of events in motion. As a result of the coverage denial, Principle sued Ironshore for breach of contract and bad faith in Georgia federal court in November 2015.

The policy defined fraudulent instruction as a computer, phone or other instruction appearing to have been issued by a company employee.

In the original decision in August 2016, U.S. District Judge Richard W. Story of the Northern District of Georgia ruled the policy language was vague and confusing. The subsequent steps that resulted in the loss were irrelevant, according to Story’s ruling.


The Eleventh Circuit affirmed the lower court’s opinion that Ironshore must provide coverage.

In its appeal, Ironshore put forth two arguments:

  1. None of the communications between Lien and the fraudster met the policy definitions for fraudulent instruction.
  2. That the original email did not directly cause Principle’s loss.

Rejecting the first argument, the majority decision stated that the initial email provided fraudulent instruction in directing Lien to work with “attorney Mark Leach.”

The majority wrote, under Georgia law, the phrase “resulting directly from” is synonymous with proximate causation, which doesn’t require an “immediate link” between an event and a loss, as Ironshore argued.

“Instead, [proximate cause] encompasses ‘all of the natural and probable consequences’ of an action, ‘unless there is a sufficient and independent intervening cause,’” the majority explained.

“The email told Lien, ‘I will need you to make the initial wire as soon as possible, for which you have my full approval to execute,’” the majority stated. And, a subsequent email from the pretend attorney specified “the amount of the wire transfer, the recipient bank, and the purported beneficiary of the transfer,” the majority found.

“That email remedied any possible lack of detail,” Judge Pryor wrote.

U.S. Circuit Judge Gerald Tjoflat wrote a lengthy dissent in which he pointed to 11 different events that transpired between the original email and the resulting fraudulent transfer. Judge Tjoflat’s dissent stated he would have left the decision of whether the first email was the proximate cause of Principle’s financial loss to a jury.

His dissent stressed the hold Wells Fargo placed on the transfer and emails Wells Fargo sent to Lien warning her of potentially fraudulent activity. Until Lien communicated further with the fake attorney and forwarded additional information to Wells Fargo, the bank would not release the hold on the transfer. Judge Tjoflat wrote that Lien’s numerous communications with Wells Fargo “arguably short-circuited” the chain of causation between the initial email and Principle’s loss.

Holding and Takeaway

When policy holders are denied coverage, it’s important to take a critical look at the original policy language as well as the stated reasons for the denial of coverage. A seasoned insurance coverage attorney is invaluable in helping to evaluate whether the reasons for denying coverage are valid. In this case, it was the difference in being compensated for a $1.7 million loss.

To discuss cyber loss coverage claim or for additional information, contact Austin Bersinger at (404) 965-3692.