Medidata Solutions, Inc. v. Fed. Ins. Co.

• Decision Date: 21 July 2017
• Docket Number: 15–CV–907 (ALC)
• Parties: MEDIDATA SOLUTIONS, INC., Plaintiff, v. FEDERAL INSURANCE CO., Defendant
• Court: U.S. District Court — Southern District of New York

268 F.Supp.3d 471

MEDIDATA SOLUTIONS, INC., Plaintiff,

v.FEDERAL INSURANCE CO., Defendant

15–CV–907 (ALC)

United States District Court, S.D. New York.

Signed July 21, 2017

Adam Seth Ziffer, Robin L. Cohen, Alexander Michael Sugzda, McKool Smith, New York, NY, for Plaintiff

Christopher M. Kahler, Sara Gronkiewicz–Doran, Scott Schmookler, Gordon & Rees LLP, Chicago, IL, Jeffrey Yehuda Aria Spiegel, Joseph Salvo, Gordon & Rees, LLP, New York, NY, for Defendant

MEMORANDUM AND ORDER GRANTING SUMMARY JUDGMENT

ANDREW L. CARTER, JR., District Judge:

Medidata Solutions, Inc. ("Medidata") commenced this action against Federal Insurance Company ("Federal") after Federal denied Medidata's claim for insurance coverage. The parties filed cross-motions for summary judgment and the Court ordered additional expert discovery. For the following reasons, Medidata's motion for summary judgment is GRANTED.

BACKGROUND

A. Medidata

Medidata provides cloud-based services to scientists conducting research in clinical trials. Medidata's Memorandum of Law in Support of Motion for Summary Judgment ("Pl's Mem.") at 3, ECF No. 37. Medidata used Google's Gmail platform for company emails. Affidavit of Glenn Watt in Support of Medidata's Motion for Summary Judgment, ("Watt Aff.") ¶ 2, ECF No. 39. Medidata email addresses consisted of an employee's first initial and last name followed by the domain name "mdsol.com" instead of "gmail.com". Id. ¶ 3. Email messages sent to Medidata employees were routed through Google computer servers. Id. ¶ 4. Google systems processed and stored the email messages. Id. ¶ 4. During processing, Google compared an incoming email address with Medidata employee profiles in order to find a match. Id. ¶ 9. If a match was found, Gmail displayed the sender's full name, email address, and picture in the "From" field of the message. Id. ¶¶ 8, 10, 11. After processing, the emails were displayed in the Medidata employee's email account. Id. ¶ 7. Medidata employees used computers owned by the company to access the email messages that were process and displayed by Google. Id.

B. Fraud on Medidata

In the summer of 2014, Medidata notified its finance department of the company's short-term business plans which included a possible acquisition. Plaintiff's Rule 56.1 Statement ("Pl.'s 56.1") ¶ 36, ECF No. 36. Medidata instructed finance personnel "to be prepared to assist with significant transactions on an urgent basis." Id. ¶ 37. In 2014, Alicia Evans ("Evans") worked in accounts payable at Medidata. Id. ¶ 38. Evans was responsible for processing all of Medidata's travel and entertainment expenses. Joint Exhibit Stipulation ("Joint Ex. Stip.") Ex. 20, 41:16–21, ECF No. 41. On September 16, 2014, Evans received an email purportedly sent from Medidata's president. Id. Ex. 2. The email message contained the president's name, email address, and picture in the "From" field. Id. The message to Evans stated that Medidata was close to finalizing an acquisition, and that an attorney named Michael Meyer ("Meyer") would contact Evans. Id. The email advised Evans that the acquisition was strictly confidential and instructed Evans to devote her full attention to Meyer's demands. Id. Evans replied: "I will certainly assist in any way I can and will make this a priority." Id. Ex. 4.

On that same day, Evans received a phone call from a man who held himself out to be Meyer. Id. Ex. 20, 31:10–15. Meyer demanded that Evans process a wire transfer for him. Id. Meyer told Evans a physical check would not suffice because of time constraints. Id. Ex. 20, 36:5–8. Evans explained to Meyer that she needed an email from Medidata's president requesting the wire transfer. Id. Ex. 20, 34:17–20. Evans also explained she needed approval from Medidata Vice President Ho Chin ("Chin"), and Director of Revenue Josh Schwartz ("Schwartz"). Id.

Chin, Evans, and Schwartz then received a group email purportedly sent from Medidata's president stating: "I'm currently undergoing a financial operation in which I need you to process and approve a payment on my behalf. I already spoke with Alicia, she will file the wire and I would need you two to sign off." Id. Ex. 6. The email contained the president of Medidata's email address in the "From" field and a picture next to his name. Id. In response, Evans logged on to Chase Bank's online system to initiate a wire transfer. Id. Ex. 20, 13:20–14:16. Evans entered the banking information provided by Meyer and submitted the wire transfer for approval. Id. Ex. 20, 15:11–23, 16:17–17:05. Schwartz and Chin logged on to Chase's online banking system and approved the wire transfer. Id. Ex. 21, 13:20–14:16; Ex. 19, 59:16–18, 60:02–04. $4,770,226.00 was wired to a bank account that was provided by Meyer. Id. Ex. 8.

On September 18, 2014, Meyer contacted Evans requesting a second wire transfer. Id. Ex. 20, 42:02–10. Evans initiated the second wire transfer and Schwartz approved it. Id. Ex. 21, 40:24–41:20. However, Chin thought the email address in the "Reply To" field seemed suspicious. Id. Ex. 19, 46:08–24. Chin spoke with Evans about his suspicions and Evans composed a new email to Medidata's president inquiring about the wire transfers. Id. Ex. 20, 50:04–20. Medidata's president told Evans and Chin that he had not requested the wire transfers. Id. Medidata employees then realized that the company had been defrauded. Id. Ex. 19, 63:09–64:18. Medidata contacted the FBI and hired outside counsel to conduct an investigation. Id. The investigations revealed that an unknown actor altered the emails that were sent to Chin, Evans, and Schwartz to appear as if they were sent from Medidata's president. Id.

C. Medidata Insurance Policy

Medidata held a $5,000,000 insurance policy with Federal called "Federal Executive Protection". Id. Ex. 1. The Policy contained a "Crime Coverage Section" addressing loss caused by various criminal acts, including Forgery Coverage Insuring, Computer Fraud Coverage, and Funds Transfer Fraud Coverage. Id.

1. Computer Fraud Coverage

The Policy's, "Computer Fraud Coverage", protected the "direct loss of Money, Securities or Property sustained by an Organization resulting from Computer Fraud committed by a Third Party." Id. The Policy defined "Organization" as "any organization designated in Item 4 of the Declarations for this coverage section." Id. Item 4, in turn, lists "Medidat[a] Solutions, Inc., and its subsidiaries" as a covered Organization. Id. The Policy defined "Third Party" as "a natural person other than: (a) an Employee; or (b) a natural person acting in collusion with an Employee." Id.

The Policy defined "Computer Fraud" as: "[T]he unlawful taking or the fraudulently induced transfer of Money, Securities or Property resulting from a Computer Violation." Id. A "Computer Violation" included both "the fraudulent: (a) entry of Data into ... a Computer System; [and] (b) change to Data elements or program logic of a Computer System, which is kept in machine readable format ... directed against an Organization." Id. The Policy defined "Data" broadly to include any "representation of information." Id. The Policy defined "Computer System" as "a computer and all input, output, processing, storage, off-line media library and communication facilities which are connected to such computer, provided that such computer and facilities are: (a) owned and operated by an Organization; (b) leased and operated by an Organization; or (c) utilized by an Organization." Id.

2. Funds Transfer Fraud Coverage

The Policy's Funds Transfer Fraud Coverage protected "direct loss of Money or Securities sustained by an Organization resulting from Funds Transfer Fraud committed by a Third Party." Id. The Policy defined "Funds Transfer Fraud" as: "fraudulent electronic ... instructions ... purportedly issued by an Organization, and issued to a financial institution directing such institution to transfer, pay or deliver Money or Securities from any account maintained by such Organization at such institution, without such Organization's knowledge or consent." Id.

3. Forgery Coverage

The Policy's Forgery Coverage protected "direct loss sustained by an Organization resulting from Forgery or alteration of a Financial Instrument committed by a Third Party". Id. "Forgery" is defined as "the signing of the name of another natural person ... with the intent to deceive ... Mechanically or electronically produced or reproduced signatures shall be treated the same as hand-written signatures." Id.

4. Claim For Coverage

On September 25, 2014, Medidata submitted a claim to Federal requesting coverage of the fraud under three clauses. Id. Ex. 11. Federal assigned regional claims technician Michael Maillet ("Maillet") to investigate the fraud on Medidata. Id. Ex. 12.

On December 24, 2014, Federal denied Medidata's claim for coverage. Id. Federal denied coverage under the computer fraud clause, because there had been no "fraudulent entry of Data into Medidata's computer system." Id. at 4. As support, Federal explained that [t]he subject emails containing false information were sent to an inbox which was open to receive emails from any member of the public" thus the entry of the fictitious emails "was authorized." Id. In addition, Federal concluded that there had been no "change to data elements" because the emails did not cause any fraudulent change to data elements or program logic of Medidata's computer system. Id. Federal conceded that Gmail added the name and picture of Medidata's president because of the email, however, Federal stated that the fake email did not cause this to happen. Id. According to Federal, Medidata's computer system, "populated the email in the normal manner." Id. at 5.

Federal denied coverage under the funds transfer fraud clause because the wire transfer had been authorized by Medidata employees and thus was made with the knowledge and consent of Medidata. Id.

Finally, Federal rejected Medidata's claim for Forgery Coverage because the emails did not contain...