We look at how an online retailer of medical products suffered a business interruption loss as a result of notifying customers about a data breach.
The company's website was attacked by hackers who inserted malware on to the site and managed to gain access to a database containing the credit card details of over 90,000 customers. As there were local breach notification laws in place, all the affected individuals were notified of the incident and provided with identity theft restoration services. Immediately after the notification, however, the business noticed a significant drop-off in sales.
Following an investigation by forensic accountants, it was established that the insured had lost a total of 5,196 orders as a result of notification over a 12-month period, resulting in a business interruption loss of $475,646. This came on top of the $230,000 incurred to remove the malware from the business's website, provide legal advice and carry out the notification process.
Read the full claim scenario