Not a Lexis Advance subscriber? Try it out for free.

Nat'l Ink & Stitch, LLC v. State Auto Prop. & Cas. Ins. Co.

United States District Court for the District of Maryland

January 23, 2020, Decided; January 23, 2020, Filed

Civil Case No. SAG-18-2138



Plaintiff National Ink & Stitch, LLC ("Plaintiff") filed this case against its businessowners' insurance carrier, State Auto Property and Casualty Insurance Company ("State Auto"), seeking coverage for damage alleged to have been sustained to its computer system in a ransomware attack. The parties have filed cross-motions for summary judgment, ECF 35 ("State Auto's Motion"), ECF 36 ("Plaintiff's Motion"), and oppositions to the respective motions, ECF 37, 38. I have reviewed the filings, and no hearing is necessary. See Loc. R. 105(6) (D. Md. 2018). For the reasons that follow, I will grant Plaintiff's Motion and deny State Auto's Motion.


The facts in this case are largely undisputed. Plaintiff's embroidery and screen printing business was covered by a State Auto businessowner's insurance policy, number BOP2870198, [*2]  between March 31, 2016 and March 31, 2017 ("the Policy"). ECF 35-2. Plaintiff stored art, logos, and designs for its business on its computer server. ECF 35-3 at 22-23. The server also housed graphic arts software, shop management software, embroidery software, and webstore management software. Id. at 42-45.

In December, 2016, Plaintiff's computer server and networked computers experienced a ransomware attack, which prevented Plaintiff from accessing all of the art files and other data contained on the server, and all of its software, except for the embroidery software. Id. at 54-55. The attacker demanded payment of a bitcoin to release access to the software and data. Id. at 58, 69. Although Plaintiff made the requested payment, the attacker demanded further payment and refused to release the software and data. Id. at 69-76 (stating "we got the executable file but now we needed to pay another Bitcoin if we wanted the configuration file."). Plaintiff employed a security company to replace and reinstall its software, and to install protective software on its computer system. Id. at 79-81. In the end, although Plaintiff's computers still functioned, the installation of protective software slowed the system and resulted in a loss of efficiency. [*3]  Id. at 80-81 (describing the system as "a lot slower than it was because of all the protective measures they put in place"). The art files formerly stored on the server cannot be accessed, and Plaintiff either has or will have to recreate them. Id. at 82. The computer experts testified that there are likely dormant remnants of the ransomware virus in the system, that could "re-infect the entire system." ECF 35-3 at 61 (Interrogatory Response #3). The options, to eliminate the risk of further infection, would be to "wipe" the entire system and reinstall all of the software and information, or to purchase an entirely new server and components. Id.

The Policy provides, in relevant part, that State Auto:

Read The Full CaseNot a Lexis Advance subscriber? Try it out for free.

Full case includes Shepard's, Headnotes, Legal Analytics from Lex Machina, and more.

2020 U.S. Dist. LEXIS 11411 *; 2020 WL 374460



software, computer system, physical loss, functionality, stored, coverage, media, Records, server, replacement, parties, electronic, non-moving, storage, tangible property, electronic media, plain language, summary judgment motion, summary judgment, physical damage, reliability, ransomware, programs, genuine