Fishbowl Solutions, Inc. v. The Hanover Insurance Company

Filing 50

MEMORANDUM OPINION AND ORDER overruling 47 Objection filed by Plaintiff Fishbowl Solutions, Inc.; and affirming 45 Order by Magistrate Judge. (Written Opinion) Signed by Judge Susan Richard Nelson on 5/9/2022. (WTW) Modified text on 5/9/2022 (SMD).

Download PDF
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 1 of 13 UNITED STATES DISTRICT COURT DISTRICT OF MINNESOTA Fishbowl Solutions, Inc., Case No. 21-cv-00794 (SRN/BRT) Plaintiff, MEMORANDUM OPINION AND ORDER v. The Hanover Insurance Company, Defendant. Joseph A. Nilan, Daniel A. Ellerbrock, and Nicholas J. Sideras, Gregerson, Rosow, Johnson & Nilan, Ltd., 100 Washington Avenue South, Suite 1550, Minneapolis, MN 55401, for Plaintiff. Scott G. Johnson and Rebecca Zadaka, Robins Kaplan LLP, 800 LaSalle Avenue, Suite 2800, Minneapolis, MN 55402; and Erica Ramsey, Robins Kaplan LLP, 140 North Philips Avenue, Sioux Falls, SD 57104, for Defendant. SUSAN RICHARD NELSON, United States District Judge This matter is before the Court on the Objection [Doc. No. 47] filed by Plaintiff Fishbowl Solutions, Inc. (“Fishbowl”) to Magistrate Judge Becky R. Thorson’s April 6, 2022 Order (the “Order”) [Doc. No. 45], denying Plaintiff’s motion to amend. Based on a review of the files, submissions, and proceedings herein, and for the reasons below, the Court OVERRULES the Objection and AFFIRMS the Order. I. BACKGROUND A. The Parties Plaintiff Fishbowl is a Minnesota company with its principal place of business in Saint Louis Park, Minnesota. (Proposed First Am. Compl. [Doc. No. 26] (“Proposed Am. 1 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 2 of 13 Compl.”) ¶ 5.) Defendant The Hanover Insurance Company (“Hanover”) is a New Hampshire insurance company with its principal place of business in Massachusetts. (Id. ¶ 6.) B. Factual Background 1. Fishbowl’s Business Fishbowl is a software company. (See id. ¶ 9.) It creates and customizes packaged software for its customers using the latest technologies. (Id.) This software helps customers innovate and access information. (Id.) Fishbowl’s Senior Staff Accountant is Wendy Williams. (Id. ¶ 10.) She uses her email account to send invoices to customers and to communicate with customers regarding payment of those invoices. (See id. ¶ 11.) 2. The Policy Hanover issued a Technology Professional Liability Policy to Fishbowl, for the policy period July 17, 2019, through July 17, 2020. (Id. ¶¶ 3, 27; Declaration of Scott G. Johnson [Doc. No. 32] Ex. 1 (the “Policy”).) The Policy provides “Cyber Business Interruption and Extra Expense” coverage (the “Coverage”), as follows: We will pay actual loss of “business income” and additional “extra expense” incurred by you during the “period of restoration” directly resulting from a “data breach” which is first discovered during the “policy period” and which results in an actual impairment or denial of service of “business operations” during the “policy period.” (Policy § A.b.1.b.(5); Proposed Am. Compl. ¶ 30.) The term “[b]usiness income” includes net income “that would have been earned or incurred if there had been no impairment or denial of ‘business operations’ due to a covered ‘data breach.’ ” (Policy § F.4.a; Proposed 2 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 3 of 13 Am. Compl. ¶ 31.) “Business operations” means Fishbowl’s “usual and regular business activities.” (Policy § F.5; Proposed Am. Compl. ¶ 35.) “Data breach” is defined in seven different ways in the Policy. (Policy § F.9.) 3. The “man in the middle” attack 1 In November of 2019, an unknown individual (“fraudster”) gained unauthorized access to Ms. Williams’ e-mail account. (Proposed Am. Compl. ¶ 10.) Once inside Ms. Williams’ e-mail account, the fraudster created certain “rules” to redirect certain e-mail communications within the e-mail system. (Id. ¶ 12.) One rule redirected e-mail communications containing certain keywords to an e-mail account that is not associated with Fishbowl. (Id. ¶ 13.) Another rule marked e-mail communications sent from “” as having already been “read,” and automatically stored them in the “RSS Subscriptions” folder. (Id. ¶ 14.) These rules prevented Ms. Williams from noticing certain e-mail communications, including e-mails from Federated Insurance regarding invoice payments. (Id. ¶¶ 12–14, 22.) The purpose of the scheme was to trick Fishbowl’s customers into paying invoices to the fraudster without Fishbowl noticing. (See id. ¶¶ 16–26.) Pursuant to this scheme, the fraudster directed six of Fishbowl’s customers to change how and where to make their payments. (Id. ¶ 22.) By employing a variety of techniques to conceal the scheme, the fraudster posed as Ms. Williams when communicating by e-mail with Federated Insurance. The term “man in the middle” refers to when “a person invades a system and masquerades as one or more of the entities involved in a communication.” (Proposed Am. Compl. ¶ 2.) 1 3 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 4 of 13 (Id. ¶¶ 16, 18, 21.) And the fraudster posed as Federated Insurance when communicating by e-mail with Ms. Williams. (Id. ¶¶ 16–18.) As a result of the scheme, Federated Insurance made two payments to the fraudster, totaling $176,962. (Id. ¶ 24.) Fishbowl discovered the scheme on January 17, 2020. (Id. ¶ 22.) After informing the six customers about the scheme, five of them were able to recall or redirect their payments. (Id. ¶ 23.) However, Federated Insurance was unable to do so. (Id.) Although the United States Secret Service recovered $29,035.79 of the monies paid by Federated Insurance to the fraudster, Fishbowl suffered a loss of the difference, which totaled $147,926.21. (Id. ¶¶ 25–26.) 4. The Insurance Claim In January of 2020, Hanover received Fishbowl’s insurance claim seeking reimbursement for business interruption and losses due to the fraudster’s conduct. (Id. ¶¶ 36–37.) Within a few weeks, Hanover denied the claim. (Id. ¶¶ 41, 43.) Fishbowl challenged the denial, and consequently, the parties disputed coverage over the next several months. (See id. ¶¶ 40, 42, 45–72.) 5. Fishbowl’s Complaint to the Minnesota Department of Commerce After nine months of disputing coverage, Fishbowl filed a complaint with the Minnesota Department of Commerce. (Id. ¶ 73.) In response, Hanover’s Property Claims Director, Jason Cormier, reviewed the claim again. (Id. ¶¶ 74–75.) He concluded, for Hanover’s sixth time, that this fraudulent scheme was not covered by the Policy, 4 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 5 of 13 memorializing his conclusion in a letter denying coverage on November 19, 2020. (Id. ¶¶ 74, 77.) C. Procedural History 1. The Civil Suit On March 24, 2021, Fishbowl filed the Complaint, alleging breach of contract and seeking declaratory and monetary relief. (Compl. [Doc. No. 1] ¶¶ 71–81.) During discovery, Fishbowl deposed Cormier. (Proposed Am. Compl. ¶ 78.) Fishbowl alleges that Cormier testified that, as defined by the Policy, Fishbowl “sustained a data breach” and “had suffered an actual loss of business income.” (Id.) 2. Plaintiff’s Motion to Amend On December 1, 2021, Fishbowl timely moved to amend the Complaint [Doc. No. 26], seeking to add a claim for bad faith under Minn. Stat. § 604.18. (Pl.’s Mem. [Doc. No. 28] at 1.) Fishbowl contends that Hanover acted with bad faith by repeatedly ignoring, and by failing to properly investigate, its claim and by failing to cover its loss. (Id.) Especially in light of Cormier’s alleged concession that this was a data breach covered by the Policy, Plaintiff contends that Hanover acted in bad faith. (Id.) 3. The Order The magistrate judge denied the motion to amend as futile. (Order at 13.) In reaching that decision, the court analyzed whether Plaintiff had plausibly plead a claim for bad faith under Minn. Stat. § 604.18 in the Proposed Amended Complaint. (See id. 5–12.) Under the first prong of the two-prong test, the magistrate judge found that Fishbowl had plausibly plead that Hanover lacked a reasonable basis for denying the Policy’s benefits. 5 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 6 of 13 (Id. at 7–9.) The court explained that Cormier’s alleged deposition testimony that Fishbowl suffered a data breach and business loss under the Policy suggests an “ ‘absence of a reasonable basis’ for his earlier denial of coverage.” (Id. at 8–9.) But the magistrate judge found that Fishbowl failed to plausibly plead the second prong of the test. (See id. at 7, 9–12.) The court concluded that it is an unresolved legal question whether the Coverage applied to losses caused by a “man in the middle” cyberattack. (Id. at 11–12.) Because the law is unresolved, the court found the issue “fairly debatable,” and therefore, cannot serve as a basis for a claim of bad faith. (Id. at 12.) Accordingly, the magistrate judge denied the motion to amend as futile. (Id. at 13.) 4. The Objection Fishbowl objects to the Order, making two arguments. First, Fishbowl contends that it plausibly plead a claim for bad faith under Minn. Stat. § 604.18. (Obj. at 8.) Second, Fishbowl contends that the magistrate judge improperly relied on information outside of the pleadings. (Id. at 9–13.) II. DISCUSSION A. Legal Standard A district court conducts a de novo review of a magistrate judge’s denial of a motion to amend based on futility. Magee v. Trustees of the Hamline Univ., Minn., 957 F. Supp. 2d 1047, 1062 (D. Minn. 2013). Rule 15(a) of the Federal Rules of Civil Procedure provides that “[t]he court should freely give leave [to amend a pleading] when justice so requires.” Fed. R. Civ. P. 15(a)(2). But “[a] district court may appropriately deny leave to amend where there are compelling reasons such as . . . futility of the amendment.” 6 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 7 of 13 Secs., Inc. v. Comprehensive Software Sys., Inc., 406 F.3d 1052, 1065 (8th Cir. 2005) (internal quotation marks omitted). Amendment is futile where the proposed amended claim would not withstand a motion to dismiss for failure to state a claim. See Lunsford v. RBC Dain Rauscher, Inc., 590 F. Supp. 2d 1153, 1158 (D. Minn. 2008). When considering a motion to dismiss under Rule 12(b)(6), the Court accepts the facts alleged in the complaint as true and views those allegations in the light most favorable to the plaintiff. Hager v. Arkansas Dep’t of Health, 735 F.3d 1009, 1013 (8th Cir. 2013). However, the Court need not accept as true wholly conclusory allegations or legal conclusions couched as factual allegations. Id. In addition, the Court ordinarily does not consider matters outside the pleadings on a motion to dismiss. See Fed. R. Civ. P. 12(d). Matters outside the pleadings include “any written or oral evidence in support of or in opposition to the pleading that provides some substantiation for and does not merely reiterate what is said in the pleadings,” as well as statements of counsel at oral argument that raise new facts not alleged in the pleadings. Hamm v. Rhone-Poulenc Rorer Pharm., Inc., 187 F.3d 941, 948 (8th Cir. 1999) (internal quotation marks and citation omitted). The Court may, however, “consider the pleadings themselves, materials embraced by the pleadings, exhibits attached to the pleadings, and matters of public record.” 2 Illig v. Union Elec. Co., 652 F.3d 971, 976 (8th Cir. 2011) (internal quotation marks and citation omitted). For purposes of this motion, the Court has considered the Proposed Amended Complaint and the Policy. 2 7 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 8 of 13 To survive a motion to dismiss, a complaint must contain “enough facts to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). Although a complaint need not contain “detailed factual allegations,” it must allege facts with enough specificity “to raise a right to relief above the speculative level.” Id. at 555. “Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements,” are insufficient. Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (citing Twombly, 550 U.S. at 555). B. Analysis The Minnesota Legislature has created a private cause of action to penalize bad faith denial of benefits by insurance providers. See Minn. Stat. § 604.18. Under the statute, a party, after commencing a civil suit, “may make a motion to amend the pleadings to claim recovery of taxable costs.” Id., subd. 4. The applicable legal basis for establishing a claim under the statute is a two-prong test, which is as follows: The court may award as taxable costs to an insured . . . if the insured can show: (1) the absence of a reasonable basis for denying the benefits of the insurance policy; and (2) that the insurer knew of the lack of a reasonable basis for denying the benefits of the insurance policy or acted in reckless disregard of the lack of a reasonable basis for denying the benefits of the insurance policy. Id., subd. 2(a). At this stage of the proceedings, plaintiff needs to plausibly plead facts that demonstrate each prong of the test in accordance with Rule 15 of the Federal Rules of Civil Procedure. See Selective Ins. Co. of S.C. v. Sela, 353 F. Supp. 3d 847, 866 (D. Minn. 2018). 8 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 9 of 13 Because the amendment was denied as futile, the Court conducts a de novo review of the magistrate judge’s order. 1. The First Prong The Minnesota Supreme Court has held that “the first prong of the section 604.18 standard is an objective test.” Peterson v. W. Nat’l Mut. Ins. Co., 946 N.W.2d 903, 910 (Minn. 2020). The pertinent question is “whether a reasonable insurer under the circumstances would not have denied the insured the benefits of the insurance policy.” Id. Here, Plaintiff alleges, in the Proposed Amended Complaint, that Hanover lacked a reasonable basis for denying the Policy benefits. Simply put, Plaintiff alleges that Cormier testified that “Fishbowl sustained a data breach” and that “Fishbowl had suffered an actual loss of business income” as defined under the Policy. (Id.) Assuming this is true, Hanover lacked a reasonable basis to deny Plaintiff the Policy’s benefits. Put differently, a reasonable insurer would not have denied the benefits when there was a covered data breach. Accordingly, the Court finds that Plaintiff has plausibly plead the first prong. 3 2. The Second Prong The second prong is a subjective test, requiring a certain mens rea on the part of the insurer. Peterson, 946 N.W.2d at 912. Specifically, it requires “an insured to prove that the insurer knew, or recklessly disregarded or remained indifferent to information that The Court finds that Plaintiff has plausibly plead the first prong based on Cormier’s alleged testimony and, therefore, does not address Plaintiff’s alternative argument that Hanover’s investigation was objectively unreasonable. 3 9 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 10 of 13 would have allowed it to know, that it lacked an objectively reasonable basis for denying the insured’s claim for benefits.” Id. Here, Plaintiff contends that it has plausibly plead the second prong by alleging that Hanover’s investigation was unreasonable. (Proposed Am. Compl. ¶¶ 36–72, 79–82.) Plaintiff alleges that Hanover’s investigation “failed to: request supplemental documentation from Fishbowl; obtain police reports regarding the incident; contact any relevant third parties; secure a formal statement from Williams; obtain recorded statements from any relevant individuals; or retain an expert to examine Fishbowl’s system.” (Id. ¶ 40, 49.) Similarly, Plaintiff contends that Hanover failed to reasonably evaluate whether first-party coverage was available under the Policy. (Id. ¶ 43, 52.) Given these failures, Plaintiff contends that Hanover’s investigation was unreasonable and thus asserts that it has plausibly plead the second prong. (See Obj. at 7–8.) Even if Plaintiff is correct as to the failures of Hanover’s investigation, a district court will not grant a motion to amend the pleadings to add a bad faith claim where it is “fairly debatable” whether coverage applies. See, e.g., Swanny of Hugo, Inc. v. Integrity Mut. Ins. Co., No. A15-0370, 2015 WL 9437571, at *7 (Minn. Ct. App. Dec. 28, 2015) (affirming the district court’s denial of the motion to amend to add a bad faith claim under Minn. Stat. § 604.18 based in part on a finding that the claim was “fairly debatable”); Homestead Hills Homeowner Ass’n v. Am. Family Mut. Ins. Co., No. A12-0703, 2012 WL 5896829, at *4 (Minn. Ct. App. Nov. 26, 2012) (same); Friedberg v. Chubb & Son, Inc., 800 F. Supp. 2d 1020, 1029 (D. Minn. 2011) (holding that the insurer’s interpretation was “at a minimum, fairly debatable,” which “precludes a finding of bad faith”); The Nw. Mut. 10 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 11 of 13 Life Ins. Co. v. Weiher, Civ. No. 12-1430 (SRN/JSM), 2016 WL 6917204, at *17 (D. Minn. July 11, 2016) (“[The insurer’s] decision to rescind the policy is ‘fairly debatable,’ rendering the bad faith claim futile.”); Borchardt v. State Farm Fire & Cas. Co., No. 16cv-00055 (PJS/KMM), 2017 WL 8315883, at *7 (D. Minn. Apr. 26, 2017) (“[T]he prima facie evidence submitted in support of the motion to amend shows that the plaintiffs’ claim was fairly debatable, and State Farm was entitled to debate it.”). Here, Hanover argues that the Coverage does not apply. (Def.’s Opp’n at 7–11.) First, Hanover argues that the Coverage only applies to potential earnings. (Id. at 7–8.) Because Fishbowl alleges that it continued to earn revenue, but did not receive those payments due to the cybercriminal, Hanover argues that there are no lost prospective earnings that trigger the Coverage. (Id. at 8.) Second, Hanover argues that Plaintiffs’ “business operations” were never interrupted. (Id.). For example, Hanover contends that there is no “period of restoration.” (Id. at 9.) A “period of restoration,” Hanover contends, limits coverage to the time during which an actual impairment or denial to Fishbowl’s “business operations” is restored. (Id.) Because Fishbowl does not allege that it restored its business operations, Hanover argues that it had a reasonable basis to deny coverage. (Id.) Lastly, Hanover argues that, because it is an unresolved legal issue whether the Coverage applies to a “man in the middle” attack, it could not have acted in bad faith when denying coverage. (Id. at 11–12.) The Court finds that it is fairly debatable whether coverage applies. For example, Plaintiff alleges that a data breach triggered the Coverage. (Proposed Am. Compl. ¶¶ 36, 11 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 12 of 13 46, 53, 70.) To support this claim, Plaintiff cites the following “data breach” definition from the Policy: The failure or violation of the security of your “system” including the impairment or denial of access to your “system”, including a “Cyber Attack” or unauthorized acts or omissions by a “rogue employee” which damages or harms your “system” or the “system” of a third party for whom you provide “services” for a fee. (Id. ¶ 34.) But Plaintiff cites no authority establishing that a “man in the middle” cyberattack meets that definition. In fact, Plaintiff concedes that this is an open legal issue. (Hr’g Tr. [Doc. No. 48] 23:8–10.) And insurers are permitted to dispute coverage on open legal issues. See Sela, 353 F. Supp. 3d at 865 (“[B]ad faith arises only when the insurer has no ‘reasonable basis’ for its construction of the policy.”); Borchardt, 2017 WL 8315883, at *7 (explaining that the insurer is “entitled to debate” an issue that is fairly debatable); see also Philadelphia Indem. Ins. Co. v. Youth Alive, Inc., 732 F.3d 645, 650 (6th Cir. 2013) (explaining that, under Kentucky law, an “unresolved legal issue” means that the claim is “fairly debatable as a matter of law and will not support a claim of bad faith.” (internal quotation marks omitted).) Even if Plaintiff’s legal interpretation of the Policy might prevail, the fact that the issue is legally debatable precludes a bad faith claim. Minnesota law only permits amendment to add a bad faith claim in “the absence of a reasonable basis.” Minn. Stat. § 604.18, subd. 2 (emphasis added). Put differently, the insurer’s interpretation must be more than merely incorrect—it must be unreasonable. See Sela, 353 F. Supp. 3d at 865 (D. Minn. 2018) (“Bad faith does not arise simply because the insurer’s construction of the policy was subsequently found to be legally incorrect.” (internal quotation marks omitted)). 12 CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 13 of 13 In the absence of any caselaw that controls whether a “man in the middle” attack constitutes a data breach on the Policy, the Court finds Hanover’s interpretation reasonable. See Friedberg, 800 F. Supp. 2d at 1027 (“[The insurer’s] interpretation of the terms, is at the very least fairly debatable and thus not in bad faith.”). For these reasons, the Court finds that it is fairly debatable whether the Coverage applies and thus Plaintiff’s amendment is futile. III. CONCLUSION Based on the submissions and the entire file and proceedings herein, IT IS HEREBY ORDERED that: 1. Plaintiff Fishbowl Solutions, Inc.’s Objection [Doc. No. 47] is OVERRULED; and 2. The Magistrate Judge’s April 6, 2022 Order [Doc. No. 45] is AFFIRMED. Dated: May 9, 2022 s/ Susan Richard Nelson SUSAN RICHARD NELSON United States District Judge 13

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?