Electronic trading outfit Virtu Financial is suing its insurer for refusing to cover a $6.9 million loss suffered in a hacking scam.
In court filings unearthed by BankInfoSecurity, Virtu says that its systems were hacked in May, giving the crooks access to the email account of an executive.
The hackers read the executives emails for two weeks before creating inbox rules that hid certain messages. They then sent emails, purporting to be from the executive, to the Virtu accounting department requesting two wire transfers - one for around $3.6 million and one for $7.2 million - be sent to overseas banks.
The transfers were flagged a few days later during a routine reconciliation process, sparking an investigation. Police reports were filed and Virtu managed to get an injunction freezing around $3.9 million held in two accounts with the Bank of China.
With about $6.9 million still missing, Virtu also gave notice to Axis Insurance, with which it had purchased a policy in 2019 to cover, among other things "computer systems fraud".
According to the court documents, Axis questioned the situation, asserting that the unauthorised access to Virtu's systems "was not the direct cause of the loss" which was in fact caused by "separate and intervening acts by employees of Virtu who issued the wire transfers because they believed the ‘spoofed’ email asking for the funds to be transferred to be true".
After months of wrangling, Virtu has filed suit, accusing its insurer of breach of contract, anticipatory breach of contract, and breach of the covenant of good faith and fair dealing.