In a recent decision from the U.S. District Court for the District of Utah, Judge Ted Stewart held that a cyber risk insurance policy did not afford a duty to defend against several claims made against the policyholder for intentional torts, including conversion and tortuous interference. Travelers Prop. Cas. Co. of Am. v. Fed. Recovery Services, Inc.,No. 14-cv-170 (D. Utah May 11, 2015).  The decision pitted Travelers against two data processing companies, Federal Recovery Services (FRS) and Federal Recovery Acceptance, Inc. (FRA), which had purchased Travelers’ cyber risk policy, called CyberFirst®, which included coverage for “any error, or omission or negligent act.” The underlying suit for which FRA and FRS were seeking coverage involved Global Fitness, a company owning a chain of fitness stores in several states. Global Fitness provided FRA with customer information, including credit card and bank account information. FRA would then process the information, transferring the members’ fees to Global Fitness. Global Fitness subsequently entered into an Asset Purchase Agreement (APA) with L.A. Global Fitness informed FRA of the APA, and, according to the decision, FRA willingly agreed to transfer the member information back to Global Fitness. While FRA apparently produced some of the data, however, it withheld critical pieces of information, including “credit card, checking account, and savings account information.” Instead, FRA sought “’demands for significant compensation’” in exchange for transferring the remaining customer data. Global Fitness subsequently filed claims against FRA for “conversion, tortious interference, and breach of contract” and requesting “injunctive relief, punitive damages, and attorney fees.” Ultimately, Travelers refused to defend FRA and FRS on the grounds that neither the original nor the amended complaints alleged damages from an “error, omission or negligent act.” In ruling for Travelers, the court applied black letter insurance law: “an insurer’s duty to defend is determined by comparing the language of the insurance policy with the allegations in the complaint.” The court held that Global Fitness’s complaint alleged not that FRA erred or was negligent in handling customer information; rather, Global Fitness argued FRA acted with “knowledge, willfulness, and malice” in withholding the information, reducing the value of the APA.  Finding no potential for coverage in these allegations, the court ruled against the policyholder.