In 2013, Target suffered a severe data breach that compromised the payment card information of millions of its customers. After the company settled with card issuers who had brought a class action suit for their costs incurred in canceling and replacing the cards, Target’s insurer denied coverage for the settlement, saying that no “occurrence” had taken place. In their article for Law360, Partners Jacquelyn Mohr and Nathan Davis, and Senior Managing Associate Tae Andrews Target Corp. v. ACE American Insurance Co., which recognized that examined the March 22, 2022, ruling in Commercial General Liability (CGL) policies cover losses arising from data breaches.

The attorneys discussed three key takeaways for businesses that experience data breaches and have CGL policies, including:

  • Courts will analyze whether an “occurrence” has taken place from the policyholder’s point of view;
  • “Loss of use” covers instances where property, in this case the cards, cannot be safely used; and
  • CGL policies can cover data breach losses.

Read the full Law360 article here (subscription required).