In its recent decision in Coral Reef Prods. v. AXIS Surplus Ins. Co., 2012 Mich. App. LEXIS 1149 (Mich. App. June 19, 2012), the Michigan Court of Appeals had occasion to consider whether a claim for computer hacking fell within a professional liability policy’s exclusion applicable to ill-gotten gains.
Coral Reef Products was insured under a miscellaneous errors and omissions policy issued by AXIS. Coral Reef was sued by the company Primesites for allegedly hacking into Primesites’ customer lists and soliciting Primesites’ customers. Coral Reef was alleged to have falsely informed these customers that it was affiliated with Primesites. AXIS’ policy insured Coral Reef for “Insured Services,” defined, in pertinent part, as “[t]alent consulting including talent promotion and membership services for others.” The court agreed with Coral Reef that the phrase “membership services” was ambiguous, and as such, the conduct alleged by Primesites potentially fell within the policy’s insuring agreement.
The court nevertheless concluded that coverage was negated by the following exclusions:
A. The Company is not obligated to pay Damages or Claim Expenses or defend Claims for or arising directly or indirectly out of:
* * *
2. An act or omission that a jury, court or arbitrator finds dishonest, fraudulent, criminal, malicious or was committed while knowing it was wrongful. This exclusion does not apply to any Individual Insured that did not commit, acquiesce or participate in the actions that gave rise to the Claim.
* * *
4. Unfair competition, restraint of trade or any other violation of antitrust laws.
* * *
6. Gain, profit or advantage to which any Insured is not legally entitled.
The court held that these exclusions, in particular A.4 and A.6 applied to allegations of computer hacking and retrieving and misusing Primesites’ proprietary customer database. The court explained that “[a]t a minimum, Primesites’ claims arose directly or indirectly out of the advantage Coral Reef gained as a competitor of Primesites when, allegedly, it unlawfully obtained access to Primesites’ Customer Lists and subsequently contacted Primesites’ customers.”