Fishbowl Solutions, Inc. v. The Hanover Insurance Company
Filing
50
MEMORANDUM OPINION AND ORDER overruling 47 Objection filed by Plaintiff Fishbowl Solutions, Inc.; and affirming 45 Order by Magistrate Judge. (Written Opinion) Signed by Judge Susan Richard Nelson on 5/9/2022. (WTW) Modified text on 5/9/2022 (SMD).
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 1 of 13
UNITED STATES DISTRICT COURT
DISTRICT OF MINNESOTA
Fishbowl Solutions, Inc.,
Case No. 21-cv-00794 (SRN/BRT)
Plaintiff,
MEMORANDUM OPINION AND
ORDER
v.
The Hanover Insurance Company,
Defendant.
Joseph A. Nilan, Daniel A. Ellerbrock, and Nicholas J. Sideras, Gregerson, Rosow,
Johnson & Nilan, Ltd., 100 Washington Avenue South, Suite 1550, Minneapolis, MN
55401, for Plaintiff.
Scott G. Johnson and Rebecca Zadaka, Robins Kaplan LLP, 800 LaSalle Avenue, Suite
2800, Minneapolis, MN 55402; and Erica Ramsey, Robins Kaplan LLP, 140 North
Philips Avenue, Sioux Falls, SD 57104, for Defendant.
SUSAN RICHARD NELSON, United States District Judge
This matter is before the Court on the Objection [Doc. No. 47] filed by Plaintiff
Fishbowl Solutions, Inc. (“Fishbowl”) to Magistrate Judge Becky R. Thorson’s April 6,
2022 Order (the “Order”) [Doc. No. 45], denying Plaintiff’s motion to amend. Based on a
review of the files, submissions, and proceedings herein, and for the reasons below, the
Court OVERRULES the Objection and AFFIRMS the Order.
I.
BACKGROUND
A.
The Parties
Plaintiff Fishbowl is a Minnesota company with its principal place of business in
Saint Louis Park, Minnesota. (Proposed First Am. Compl. [Doc. No. 26] (“Proposed Am.
1
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 2 of 13
Compl.”) ¶ 5.)
Defendant The Hanover Insurance Company (“Hanover”) is a New
Hampshire insurance company with its principal place of business in Massachusetts. (Id.
¶ 6.)
B.
Factual Background
1.
Fishbowl’s Business
Fishbowl is a software company. (See id. ¶ 9.) It creates and customizes packaged
software for its customers using the latest technologies.
(Id.)
This software helps
customers innovate and access information. (Id.)
Fishbowl’s Senior Staff Accountant is Wendy Williams. (Id. ¶ 10.) She uses her email account to send invoices to customers and to communicate with customers regarding
payment of those invoices. (See id. ¶ 11.)
2.
The Policy
Hanover issued a Technology Professional Liability Policy to Fishbowl, for the
policy period July 17, 2019, through July 17, 2020. (Id. ¶¶ 3, 27; Declaration of Scott G.
Johnson [Doc. No. 32] Ex. 1 (the “Policy”).) The Policy provides “Cyber Business
Interruption and Extra Expense” coverage (the “Coverage”), as follows:
We will pay actual loss of “business income” and additional “extra expense”
incurred by you during the “period of restoration” directly resulting from a
“data breach” which is first discovered during the “policy period” and which
results in an actual impairment or denial of service of “business operations”
during the “policy period.”
(Policy § A.b.1.b.(5); Proposed Am. Compl. ¶ 30.) The term “[b]usiness income” includes
net income “that would have been earned or incurred if there had been no impairment or
denial of ‘business operations’ due to a covered ‘data breach.’ ” (Policy § F.4.a; Proposed
2
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 3 of 13
Am. Compl. ¶ 31.) “Business operations” means Fishbowl’s “usual and regular business
activities.” (Policy § F.5; Proposed Am. Compl. ¶ 35.) “Data breach” is defined in seven
different ways in the Policy. (Policy § F.9.)
3.
The “man in the middle” attack 1
In November of 2019, an unknown individual (“fraudster”) gained unauthorized
access to Ms. Williams’ e-mail account. (Proposed Am. Compl. ¶ 10.) Once inside Ms.
Williams’ e-mail account, the fraudster created certain “rules” to redirect certain e-mail
communications within the e-mail system.
(Id. ¶ 12.)
One rule redirected e-mail
communications containing certain keywords to an e-mail account that is not associated
with Fishbowl.
(Id. ¶ 13.) Another rule marked e-mail communications sent from
“fedins.com” as having already been “read,” and automatically stored them in the “RSS
Subscriptions” folder. (Id. ¶ 14.) These rules prevented Ms. Williams from noticing
certain e-mail communications, including e-mails from Federated Insurance regarding
invoice payments. (Id. ¶¶ 12–14, 22.)
The purpose of the scheme was to trick Fishbowl’s customers into paying invoices
to the fraudster without Fishbowl noticing. (See id. ¶¶ 16–26.) Pursuant to this scheme,
the fraudster directed six of Fishbowl’s customers to change how and where to make their
payments. (Id. ¶ 22.) By employing a variety of techniques to conceal the scheme, the
fraudster posed as Ms. Williams when communicating by e-mail with Federated Insurance.
The term “man in the middle” refers to when “a person invades a system and
masquerades as one or more of the entities involved in a communication.” (Proposed Am.
Compl. ¶ 2.)
1
3
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 4 of 13
(Id. ¶¶ 16, 18, 21.) And the fraudster posed as Federated Insurance when communicating
by e-mail with Ms. Williams. (Id. ¶¶ 16–18.) As a result of the scheme, Federated
Insurance made two payments to the fraudster, totaling $176,962. (Id. ¶ 24.)
Fishbowl discovered the scheme on January 17, 2020. (Id. ¶ 22.) After informing
the six customers about the scheme, five of them were able to recall or redirect their
payments. (Id. ¶ 23.) However, Federated Insurance was unable to do so. (Id.) Although
the United States Secret Service recovered $29,035.79 of the monies paid by Federated
Insurance to the fraudster, Fishbowl suffered a loss of the difference, which totaled
$147,926.21. (Id. ¶¶ 25–26.)
4.
The Insurance Claim
In January of 2020, Hanover received Fishbowl’s insurance claim seeking
reimbursement for business interruption and losses due to the fraudster’s conduct. (Id.
¶¶ 36–37.) Within a few weeks, Hanover denied the claim. (Id. ¶¶ 41, 43.) Fishbowl
challenged the denial, and consequently, the parties disputed coverage over the next several
months. (See id. ¶¶ 40, 42, 45–72.)
5.
Fishbowl’s Complaint to the Minnesota Department of
Commerce
After nine months of disputing coverage, Fishbowl filed a complaint with the
Minnesota Department of Commerce. (Id. ¶ 73.) In response, Hanover’s Property Claims
Director, Jason Cormier, reviewed the claim again. (Id. ¶¶ 74–75.) He concluded, for
Hanover’s sixth time, that this fraudulent scheme was not covered by the Policy,
4
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 5 of 13
memorializing his conclusion in a letter denying coverage on November 19, 2020. (Id.
¶¶ 74, 77.)
C.
Procedural History
1.
The Civil Suit
On March 24, 2021, Fishbowl filed the Complaint, alleging breach of contract and
seeking declaratory and monetary relief.
(Compl. [Doc. No. 1] ¶¶ 71–81.)
During
discovery, Fishbowl deposed Cormier. (Proposed Am. Compl. ¶ 78.) Fishbowl alleges
that Cormier testified that, as defined by the Policy, Fishbowl “sustained a data breach”
and “had suffered an actual loss of business income.” (Id.)
2.
Plaintiff’s Motion to Amend
On December 1, 2021, Fishbowl timely moved to amend the Complaint [Doc. No.
26], seeking to add a claim for bad faith under Minn. Stat. § 604.18. (Pl.’s Mem. [Doc.
No. 28] at 1.) Fishbowl contends that Hanover acted with bad faith by repeatedly ignoring,
and by failing to properly investigate, its claim and by failing to cover its loss. (Id.)
Especially in light of Cormier’s alleged concession that this was a data breach covered by
the Policy, Plaintiff contends that Hanover acted in bad faith. (Id.)
3.
The Order
The magistrate judge denied the motion to amend as futile. (Order at 13.) In
reaching that decision, the court analyzed whether Plaintiff had plausibly plead a claim for
bad faith under Minn. Stat. § 604.18 in the Proposed Amended Complaint. (See id. 5–12.)
Under the first prong of the two-prong test, the magistrate judge found that Fishbowl had
plausibly plead that Hanover lacked a reasonable basis for denying the Policy’s benefits.
5
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 6 of 13
(Id. at 7–9.) The court explained that Cormier’s alleged deposition testimony that Fishbowl
suffered a data breach and business loss under the Policy suggests an “ ‘absence of a
reasonable basis’ for his earlier denial of coverage.” (Id. at 8–9.)
But the magistrate judge found that Fishbowl failed to plausibly plead the second
prong of the test. (See id. at 7, 9–12.) The court concluded that it is an unresolved legal
question whether the Coverage applied to losses caused by a “man in the middle” cyberattack. (Id. at 11–12.) Because the law is unresolved, the court found the issue “fairly
debatable,” and therefore, cannot serve as a basis for a claim of bad faith. (Id. at 12.)
Accordingly, the magistrate judge denied the motion to amend as futile. (Id. at 13.)
4.
The Objection
Fishbowl objects to the Order, making two arguments. First, Fishbowl contends
that it plausibly plead a claim for bad faith under Minn. Stat. § 604.18. (Obj. at 8.) Second,
Fishbowl contends that the magistrate judge improperly relied on information outside of
the pleadings. (Id. at 9–13.)
II.
DISCUSSION
A.
Legal Standard
A district court conducts a de novo review of a magistrate judge’s denial of a motion
to amend based on futility. Magee v. Trustees of the Hamline Univ., Minn., 957 F. Supp.
2d 1047, 1062 (D. Minn. 2013). Rule 15(a) of the Federal Rules of Civil Procedure
provides that “[t]he court should freely give leave [to amend a pleading] when justice so
requires.” Fed. R. Civ. P. 15(a)(2). But “[a] district court may appropriately deny leave to
amend where there are compelling reasons such as . . . futility of the amendment.”
6
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 7 of 13
Moses.com Secs., Inc. v. Comprehensive Software Sys., Inc., 406 F.3d 1052, 1065 (8th Cir.
2005) (internal quotation marks omitted). Amendment is futile where the proposed
amended claim would not withstand a motion to dismiss for failure to state a claim. See
Lunsford v. RBC Dain Rauscher, Inc., 590 F. Supp. 2d 1153, 1158 (D. Minn. 2008).
When considering a motion to dismiss under Rule 12(b)(6), the Court accepts the
facts alleged in the complaint as true and views those allegations in the light most favorable
to the plaintiff. Hager v. Arkansas Dep’t of Health, 735 F.3d 1009, 1013 (8th Cir. 2013).
However, the Court need not accept as true wholly conclusory allegations or legal
conclusions couched as factual allegations. Id. In addition, the Court ordinarily does not
consider matters outside the pleadings on a motion to dismiss. See Fed. R. Civ. P. 12(d).
Matters outside the pleadings include “any written or oral evidence in support of or in
opposition to the pleading that provides some substantiation for and does not merely
reiterate what is said in the pleadings,” as well as statements of counsel at oral argument
that raise new facts not alleged in the pleadings. Hamm v. Rhone-Poulenc Rorer Pharm.,
Inc., 187 F.3d 941, 948 (8th Cir. 1999) (internal quotation marks and citation omitted).
The Court may, however, “consider the pleadings themselves, materials embraced by the
pleadings, exhibits attached to the pleadings, and matters of public record.” 2 Illig v. Union
Elec. Co., 652 F.3d 971, 976 (8th Cir. 2011) (internal quotation marks and citation
omitted).
For purposes of this motion, the Court has considered the Proposed Amended
Complaint and the Policy.
2
7
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 8 of 13
To survive a motion to dismiss, a complaint must contain “enough facts to state a
claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570
(2007). Although a complaint need not contain “detailed factual allegations,” it must allege
facts with enough specificity “to raise a right to relief above the speculative level.” Id. at
555. “Threadbare recitals of the elements of a cause of action, supported by mere
conclusory statements,” are insufficient. Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009)
(citing Twombly, 550 U.S. at 555).
B.
Analysis
The Minnesota Legislature has created a private cause of action to penalize bad faith
denial of benefits by insurance providers. See Minn. Stat. § 604.18. Under the statute, a
party, after commencing a civil suit, “may make a motion to amend the pleadings to claim
recovery of taxable costs.” Id., subd. 4. The applicable legal basis for establishing a claim
under the statute is a two-prong test, which is as follows:
The court may award as taxable costs to an insured . . . if the insured can
show:
(1) the absence of a reasonable basis for denying the benefits of the
insurance policy; and
(2) that the insurer knew of the lack of a reasonable basis for denying the
benefits of the insurance policy or acted in reckless disregard of the lack
of a reasonable basis for denying the benefits of the insurance policy.
Id., subd. 2(a). At this stage of the proceedings, plaintiff needs to plausibly plead facts that
demonstrate each prong of the test in accordance with Rule 15 of the Federal Rules of Civil
Procedure. See Selective Ins. Co. of S.C. v. Sela, 353 F. Supp. 3d 847, 866 (D. Minn. 2018).
8
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 9 of 13
Because the amendment was denied as futile, the Court conducts a de novo review
of the magistrate judge’s order.
1.
The First Prong
The Minnesota Supreme Court has held that “the first prong of the section 604.18
standard is an objective test.” Peterson v. W. Nat’l Mut. Ins. Co., 946 N.W.2d 903, 910
(Minn. 2020).
The pertinent question is “whether a reasonable insurer under the
circumstances would not have denied the insured the benefits of the insurance policy.” Id.
Here, Plaintiff alleges, in the Proposed Amended Complaint, that Hanover lacked a
reasonable basis for denying the Policy benefits. Simply put, Plaintiff alleges that Cormier
testified that “Fishbowl sustained a data breach” and that “Fishbowl had suffered an actual
loss of business income” as defined under the Policy. (Id.) Assuming this is true, Hanover
lacked a reasonable basis to deny Plaintiff the Policy’s benefits.
Put differently, a
reasonable insurer would not have denied the benefits when there was a covered data
breach. Accordingly, the Court finds that Plaintiff has plausibly plead the first prong. 3
2.
The Second Prong
The second prong is a subjective test, requiring a certain mens rea on the part of the
insurer. Peterson, 946 N.W.2d at 912. Specifically, it requires “an insured to prove that
the insurer knew, or recklessly disregarded or remained indifferent to information that
The Court finds that Plaintiff has plausibly plead the first prong based on Cormier’s
alleged testimony and, therefore, does not address Plaintiff’s alternative argument that
Hanover’s investigation was objectively unreasonable.
3
9
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 10 of 13
would have allowed it to know, that it lacked an objectively reasonable basis for denying
the insured’s claim for benefits.” Id.
Here, Plaintiff contends that it has plausibly plead the second prong by alleging that
Hanover’s investigation was unreasonable. (Proposed Am. Compl. ¶¶ 36–72, 79–82.)
Plaintiff alleges that Hanover’s investigation “failed to: request supplemental
documentation from Fishbowl; obtain police reports regarding the incident; contact any
relevant third parties; secure a formal statement from Williams; obtain recorded statements
from any relevant individuals; or retain an expert to examine Fishbowl’s system.” (Id.
¶ 40, 49.) Similarly, Plaintiff contends that Hanover failed to reasonably evaluate whether
first-party coverage was available under the Policy. (Id. ¶ 43, 52.) Given these failures,
Plaintiff contends that Hanover’s investigation was unreasonable and thus asserts that it
has plausibly plead the second prong. (See Obj. at 7–8.)
Even if Plaintiff is correct as to the failures of Hanover’s investigation, a district
court will not grant a motion to amend the pleadings to add a bad faith claim where it is
“fairly debatable” whether coverage applies. See, e.g., Swanny of Hugo, Inc. v. Integrity
Mut. Ins. Co., No. A15-0370, 2015 WL 9437571, at *7 (Minn. Ct. App. Dec. 28, 2015)
(affirming the district court’s denial of the motion to amend to add a bad faith claim under
Minn. Stat. § 604.18 based in part on a finding that the claim was “fairly debatable”);
Homestead Hills Homeowner Ass’n v. Am. Family Mut. Ins. Co., No. A12-0703, 2012 WL
5896829, at *4 (Minn. Ct. App. Nov. 26, 2012) (same); Friedberg v. Chubb & Son, Inc.,
800 F. Supp. 2d 1020, 1029 (D. Minn. 2011) (holding that the insurer’s interpretation was
“at a minimum, fairly debatable,” which “precludes a finding of bad faith”); The Nw. Mut.
10
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 11 of 13
Life Ins. Co. v. Weiher, Civ. No. 12-1430 (SRN/JSM), 2016 WL 6917204, at *17 (D. Minn.
July 11, 2016) (“[The insurer’s] decision to rescind the policy is ‘fairly debatable,’
rendering the bad faith claim futile.”); Borchardt v. State Farm Fire & Cas. Co., No. 16cv-00055 (PJS/KMM), 2017 WL 8315883, at *7 (D. Minn. Apr. 26, 2017) (“[T]he prima
facie evidence submitted in support of the motion to amend shows that the plaintiffs’ claim
was fairly debatable, and State Farm was entitled to debate it.”).
Here, Hanover argues that the Coverage does not apply. (Def.’s Opp’n at 7–11.)
First, Hanover argues that the Coverage only applies to potential earnings. (Id. at 7–8.)
Because Fishbowl alleges that it continued to earn revenue, but did not receive those
payments due to the cybercriminal, Hanover argues that there are no lost prospective
earnings that trigger the Coverage. (Id. at 8.) Second, Hanover argues that Plaintiffs’
“business operations” were never interrupted. (Id.). For example, Hanover contends that
there is no “period of restoration.” (Id. at 9.) A “period of restoration,” Hanover contends,
limits coverage to the time during which an actual impairment or denial to Fishbowl’s
“business operations” is restored. (Id.) Because Fishbowl does not allege that it restored
its business operations, Hanover argues that it had a reasonable basis to deny coverage.
(Id.) Lastly, Hanover argues that, because it is an unresolved legal issue whether the
Coverage applies to a “man in the middle” attack, it could not have acted in bad faith when
denying coverage. (Id. at 11–12.)
The Court finds that it is fairly debatable whether coverage applies. For example,
Plaintiff alleges that a data breach triggered the Coverage. (Proposed Am. Compl. ¶¶ 36,
11
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 12 of 13
46, 53, 70.) To support this claim, Plaintiff cites the following “data breach” definition
from the Policy:
The failure or violation of the security of your “system” including the
impairment or denial of access to your “system”, including a “Cyber Attack”
or unauthorized acts or omissions by a “rogue employee” which damages or
harms your “system” or the “system” of a third party for whom you provide
“services” for a fee.
(Id. ¶ 34.) But Plaintiff cites no authority establishing that a “man in the middle” cyberattack meets that definition. In fact, Plaintiff concedes that this is an open legal issue.
(Hr’g Tr. [Doc. No. 48] 23:8–10.) And insurers are permitted to dispute coverage on open
legal issues. See Sela, 353 F. Supp. 3d at 865 (“[B]ad faith arises only when the insurer
has no ‘reasonable basis’ for its construction of the policy.”); Borchardt, 2017 WL
8315883, at *7 (explaining that the insurer is “entitled to debate” an issue that is fairly
debatable); see also Philadelphia Indem. Ins. Co. v. Youth Alive, Inc., 732 F.3d 645, 650
(6th Cir. 2013) (explaining that, under Kentucky law, an “unresolved legal issue” means
that the claim is “fairly debatable as a matter of law and will not support a claim of bad
faith.” (internal quotation marks omitted).)
Even if Plaintiff’s legal interpretation of the Policy might prevail, the fact that the
issue is legally debatable precludes a bad faith claim. Minnesota law only permits
amendment to add a bad faith claim in “the absence of a reasonable basis.” Minn. Stat.
§ 604.18, subd. 2 (emphasis added). Put differently, the insurer’s interpretation must be
more than merely incorrect—it must be unreasonable. See Sela, 353 F. Supp. 3d at 865
(D. Minn. 2018) (“Bad faith does not arise simply because the insurer’s construction of the
policy was subsequently found to be legally incorrect.” (internal quotation marks omitted)).
12
CASE 0:21-cv-00794-SRN-BRT Doc. 50 Filed 05/09/22 Page 13 of 13
In the absence of any caselaw that controls whether a “man in the middle” attack constitutes
a data breach on the Policy, the Court finds Hanover’s interpretation reasonable. See
Friedberg, 800 F. Supp. 2d at 1027 (“[The insurer’s] interpretation of the terms, is at the
very least fairly debatable and thus not in bad faith.”).
For these reasons, the Court finds that it is fairly debatable whether the Coverage
applies and thus Plaintiff’s amendment is futile.
III.
CONCLUSION
Based on the submissions and the entire file and proceedings herein, IT IS
HEREBY ORDERED that:
1. Plaintiff Fishbowl Solutions, Inc.’s Objection [Doc. No. 47] is
OVERRULED; and
2. The Magistrate Judge’s April 6, 2022 Order [Doc. No. 45] is AFFIRMED.
Dated: May 9, 2022
s/ Susan Richard Nelson
SUSAN RICHARD NELSON
United States District Judge
13
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?