A project manager returns home after a long weekend to find that his house has been burglarized. After taking stock of the situation, the PM realizes that his company laptop is among the missing items.
Fortunately, he has been very diligent in changing his password every 90 days. Unfortunately, because of the frequent password variations, he has taken to writing the current password on a sticky note and placing it just to the right of the trackpad.
The exposed data on the computer includes private billing and financial information for over 250 clients as well as unique schematic design concepts owned by those clients.
Due to notification laws, the company is required to notify all affected parties immediately. Soon after, several of the clients file a lawsuit.
The clients sue the insured for $2,500,000 in damages resulting from the alleged failure to protect their private financial information and the release of proprietary schematic designs.
The case is settled before trial, but the firm incurs $500,000 for defense and settlement costs. Not to mention the $180,000 necessary to comply with federal breach notification laws.
This claim is not covered under the firm's professional liability policy, as there is no allegation of negligence in the design work. Instead, the defense, settlement and notification costs are covered by the firm's cyber liability policy.