Businessinsurance.com reported that a federal court ruled that P.F. Chang’s cyber policy covered “direct loss, legal liability, and consequential loss resulting from cyber security breaches” but “Chang’s and other merchants are unable to process credit card transactions themselves and must enter into agreements with third parties.”  My friend Judy Greenwald’s June 2, 2016 article entitled “Chubb scores victory in key cyber ruling” reported that:

On June 10, 2014, Chang’s learned that computer hackers had obtained and posted on the internet about 60,000 credit card numbers belonging to its customers, and the company notified Federal Insurance of the breach that same day.

US District Judge Stephen M. McNamee granted summary judgment to Federal Insurance Co (a unit of Chubb) on June 1, 2016 in the case of P.F. Chang’s China Bistro Inc. v. Federal Insurance Co. that after Bank of America requested reimbursement from P.F. Chang of $1.9 that:

(Bank of America) did not sustain a privacy Injury itself, and therefore cannot maintain a valid claim for injury against Chang’s.

Judy included this observation from policyholder attorney Robert D. Chesler (Anderson Kill P.C., Newark, New Jersey) that he:

…believes this is the first ruling on a cyber insurance policy, and is important because it could signal a wave of litigation between cyber insurers and policyholders

There may be an appeal so it may not be over yet!