Several companies around the country are engaged in litigation with insurers that have denied coverage under Computer Crime and Fraud policies for sophisticated phishing schemes. The insurers have generally argued that the policies do not reach situations in which company employees are deceived into transferring funds, but are instead limited to more traditional hacking schemes where computer files are unknowingly accessed. One such case is Medidata Solutions Inc. v. Federal Insurance Co., No. 15-cv-907 (S.D.N.Y. filed Feb. 6, 2015), in which a Medidata employee was duped into transferring $4.8 million to a Chinese bank account when a fraudster posed as a company executive in an email and convinced the employee to transfer the funds. The fraud was discovered too late to stop the transfer, and Federal Insurance Co. has denied the claim. The dispute turns on several definitions in the policy, including whether the fraudulent email constitutes “fraudulent entry of data” or whether that phrase is limited to involuntary transfers of funds without involvement of company employees. The district court has denied both parties’ summary judgment motions and has ordered discovery about how the phishing attack occurred.