A British jeweler sued an insurance company that denied coverage for a $7.5 million bitcoin ransom payment. The jeweler paid the hacker to prevent sensitive customer data from being exposed.
Insurance Company Faces Lawsuit for Refusing to Cover Bitcoin Ransom Payment
British luxury jeweler Graff sued insurer Travelers Companies for refusing to cover bitcoin ransom payments, Bloomberg reported last week.
The jeweler paid a $7.5 million ransom in bitcoin after the Russian hacking group Conti threatened to compromise the data of the company’s largest customers, including Middle Eastern royalty. Graf negotiated the ransom payment amount with the hackers and succeeded in reducing it from $15 million.
Conti attacked Graff last September, leaking data on royal families in Saudi Arabia, the United Arab Emirates (UAE), and Qatar. The hacker apologized to the families, but said he may need to leak more data from Graph.
“Our goal is to publish as much information as possible on the graphs about the financial declarations of neoliberals in the US, UK and EU who engage in unpleasantly expensive purchases when their countries are collapsing under economic duress,” the hacker group reportedly said.
While authorities recommend that individuals and companies pay the ransom, there are situations where it is beneficial to do so, especially when the damage inflicted by a cyber attack is greater than the cost of the ransom.
Some insurance companies offer cyber insurance policies that cover encrypted ransom payments. However, experts warn that by paying insurance claims from companies that have paid ransoms, insurers are inadvertently funding organized crime.
Ciaran Martin, founding CEO of the UK’s National Cyber Security Center (NCSC), explained last year that “people are paying criminals in bitcoins and insisting they get their cash back.” He emphasized.” I believe this is very avoidable. At this point, companies have an incentive to solve this whole problem by paying ransoms. We need to seriously consider amending the law on insurance to prohibit these payments, or at least have extensive consultations with the industry.”
Regarding Graf’s ransom payments, a company spokesperson said, ” The perpetrators targeted and threatened to publicize personal purchases of our customers. We were determined to do everything in our power to protect their interests and negotiated a payment that successfully neutralized the threat.”
The jewelry company added:
We are very frustrated and disappointed with Travelers’ attempts to avoid settlement of this insurance risk. They have left us with the option of going through this collection process in the Superior Court.
Image credit: Shutterstock, Pixabay, Wiki Commons