UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT
NEW ENGLAND SYSTEMS, INC., Plaintiff,
v. No. 3:20-cv-01743 (JAM)
CITIZENS INSURANCE COMPANY OF AMERICA, Defendant.
ORDER GRANTING MOTION TO DISMISS IN PART
Plaintiff New England Systems, Inc. (“NSI”) is an information technology services provider. NSI purchased a businessowners insurance policy from defendant Citizens Insurance Company of America (“Citizens”). After NSI fell victim to a cyberattack in June 2019, Citizens paid for repairs to and restoration of NSI’s systems but denied coverage for NSI’s loss of business during the repair and restoration period. NSI has filed this lawsuit against Citizens, alleging claims for breach of contract, for violations of the Connecticut Unfair Trade Practices Act (“CUTPA”) and Connecticut Unfair Insurances Practices Act (“CUIPA”), and for breach of the implied covenant of good faith and fair dealing. Citizens has moved to dismiss the latter two claims. I will grant the motion to dismiss the claim for violation of CUTPA/CUIPA but deny the motion to dismiss the claim for breach of the implied covenant of good faith and fair dealing. BACKGROUND The following facts are set forth in the light most favorable to NSI as the non-moving party and whose allegations are accepted as true for the purposes of this motion. NSI is an information technology services provider based in Naugatuck, Connecticut that provides its clients with IT support, IT strategy and consulting, and cybersecurity services.1 NSI held a businessowners insurance policy issued by Citizens.2 The policy includes a “Data Breach Coverage Form” that insures NSI against various costs associated with cyberattacks and data breaches up to an aggregate limit of $250,000.3 That form includes two provisions of
particular note. First, a “Breach Restoration Expenses” term covers the reasonable cost of repairing or replacing compromised data and any programs storing such data.4 Second, a “Cyber Business Interruption and Extra Expense” term covers the actual loss of business income and any defined “extra expense[s]” incurred by NSI during the “period of restoration” directly stemming from a data breach that “results in actual impairment or denial of service of ‘busines[s] operations during the policy period.’”5 Any business interruption coverage is subject to a 24- hour waiting-period deductible and a 60-day maximum payment period.6 In June 2019, NSI was the victim of a ransomware attack.7 NSI promptly informed Citizens of the data breach in compliance with the insurance policy.8 Citizens consented to an arrangement in which NSI would repair its own computer systems following the attack, given NSI’s technical ability and knowledge of the impacted systems.9 Indeed, NSI’s repair efforts
appear to have been compensated as a Breach Restoration Expense.10 For more than sixty days,
1 Doc. #1-1 at 4, 5 (¶¶ 1, 5). 2 Id. at 5 (¶ 9). 3 Id. at 5-6 (¶¶ 10-12); Doc. #1-1, Ex. B at 23. 4 Doc. #1-1, Ex. B at 24, 31-32. 5 Doc. #1-1 at 6 (¶ 13). 6 Id. at 6-7 (¶¶ 14-15). 7 Id. at 7 (¶ 16). 8 Id. at 7 (¶¶ 17-18). 9 Id. at 7 (¶¶ 19-21). 10 See id. at 14 (¶ 55(c)(iii)). NSI labored to repair its computer systems and was unable to perform contract work for its clients, both because of the damage caused to its systems by the cyberattack and because its employees were occupied with repairs.11 In December 2019, NSI requested that Citizens pay for business interruption coverage under the policy.12 Citizens denied coverage.13 After NSI made a subsequent request and
submitted additional information, Citizens again denied coverage.14 The complaint alleges three claims. Count One alleges a claim for breach of contract. Count Two alleges a claim for violation of CUIPA as made actionable under CUTPA. Count Three alleges a claim for breach of the implied covenant of good faith and fair dealing. Citizens moves to dismiss Counts Two and Three of the complaint.15 DISCUSSION When considering a motion to dismiss under Rule 12(b)(6), a court must first accept as true all factual matters alleged in the complaint and draw all reasonable inferences for the plaintiff, see Hernandez v. United States, 939 F.3d 191, 198 (2d Cir. 2019), though it need not
credit bare conclusory statements or “formulaic recitations” of the elements of a cause of action, Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555-56 (2007). Then a court must decide whether the pleaded facts are sufficient to state plausible grounds for relief. See Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). This plausibility requirement is not a probability requirement, but it does demand “more than a sheer possibility that a defendant has acted unlawfully.” Ibid.16
11 Id. at 8 (¶¶ 22-24, 26). 12 Id. at 9 (¶ 30). 13 Id. at 9 (¶ 31). 14 Id. at 9 (¶¶ 32-33). 15 Doc. #12. 16 Unless otherwise indicated, this ruling omits internal quotation marks, alterations, citations, and footnotes in text A. Count Two - CUTPA/CUIPA CUTPA prohibits “unfair or deceptive acts or practices in the conduct of any trade or commerce,” Conn. Gen. Stat. § 42-110b(a), and provides a private right of action for persons injured by such behavior, Conn. Gen. Stat. § 42-110g. CUIPA is a more specialized statute,
taking aim at unfair or deceptive practices specific to the business of insurance. Conn. Gen. Stat. § 38a-815 et seq. While CUIPA does not include a private right of action, it does list 21 separate acts or practices that are statutorily defined as “unfair and deceptive acts or practices in the business of insurance.” Conn. Gen. Stat. § 38a-816. A private plaintiff seeking redress for a violation of CUIPA may allege that the practices defined by CUIPA constitute actionable CUTPA violations. See Artie’s Auto Body, Inc. v. Hartford Fire Ins. Co., 119 A.3d 1139, 1150 (Conn. 2015). Where a plaintiff alleges that an unfair insurance practice under CUIPA also constitutes a CUTPA violation, the failure of the CUIPA claim is fatal to the CUTPA claim. Id. at 1150-51. 1. False Information and False Advertising
NSI invokes CUIPA’s broad prohibition on “[f]alse information and advertising generally,” which is defined to include “placing before the public . . . an advertisement, announcement, or statement containing any assertion, representation or statement with respect to the business of insurance . . . which is untrue, deceptive or misleading.” Conn. Gen. Stat. § 38a- 816(2). NSI alleges that Citizens violated § 38a-816(2) by misrepresenting its data breach and cyber liability coverage as including “Cyber Business interruption and extra expenses incurred
quoted from court decisions. due to a breach,” as well as losses to “finances, reputation, and operational capabilities.”17 NSI further alleges that Citizens put these statements before the public when it used them to advertise “Data breach and cyber liability” insurance on its website.18 The relevant webpage also includes a disclaimer at the bottom with the caveat that: “Coverage may not be available in all
jurisdictions and is subject to the company underwriting guidelines and the issued policy.
Free access — add to your briefcase to read the full text and ask questions with AI
UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT
NEW ENGLAND SYSTEMS, INC., Plaintiff,
v. No. 3:20-cv-01743 (JAM)
CITIZENS INSURANCE COMPANY OF AMERICA, Defendant.
ORDER GRANTING MOTION TO DISMISS IN PART
Plaintiff New England Systems, Inc. (“NSI”) is an information technology services provider. NSI purchased a businessowners insurance policy from defendant Citizens Insurance Company of America (“Citizens”). After NSI fell victim to a cyberattack in June 2019, Citizens paid for repairs to and restoration of NSI’s systems but denied coverage for NSI’s loss of business during the repair and restoration period. NSI has filed this lawsuit against Citizens, alleging claims for breach of contract, for violations of the Connecticut Unfair Trade Practices Act (“CUTPA”) and Connecticut Unfair Insurances Practices Act (“CUIPA”), and for breach of the implied covenant of good faith and fair dealing. Citizens has moved to dismiss the latter two claims. I will grant the motion to dismiss the claim for violation of CUTPA/CUIPA but deny the motion to dismiss the claim for breach of the implied covenant of good faith and fair dealing. BACKGROUND The following facts are set forth in the light most favorable to NSI as the non-moving party and whose allegations are accepted as true for the purposes of this motion. NSI is an information technology services provider based in Naugatuck, Connecticut that provides its clients with IT support, IT strategy and consulting, and cybersecurity services.1 NSI held a businessowners insurance policy issued by Citizens.2 The policy includes a “Data Breach Coverage Form” that insures NSI against various costs associated with cyberattacks and data breaches up to an aggregate limit of $250,000.3 That form includes two provisions of
particular note. First, a “Breach Restoration Expenses” term covers the reasonable cost of repairing or replacing compromised data and any programs storing such data.4 Second, a “Cyber Business Interruption and Extra Expense” term covers the actual loss of business income and any defined “extra expense[s]” incurred by NSI during the “period of restoration” directly stemming from a data breach that “results in actual impairment or denial of service of ‘busines[s] operations during the policy period.’”5 Any business interruption coverage is subject to a 24- hour waiting-period deductible and a 60-day maximum payment period.6 In June 2019, NSI was the victim of a ransomware attack.7 NSI promptly informed Citizens of the data breach in compliance with the insurance policy.8 Citizens consented to an arrangement in which NSI would repair its own computer systems following the attack, given NSI’s technical ability and knowledge of the impacted systems.9 Indeed, NSI’s repair efforts
appear to have been compensated as a Breach Restoration Expense.10 For more than sixty days,
1 Doc. #1-1 at 4, 5 (¶¶ 1, 5). 2 Id. at 5 (¶ 9). 3 Id. at 5-6 (¶¶ 10-12); Doc. #1-1, Ex. B at 23. 4 Doc. #1-1, Ex. B at 24, 31-32. 5 Doc. #1-1 at 6 (¶ 13). 6 Id. at 6-7 (¶¶ 14-15). 7 Id. at 7 (¶ 16). 8 Id. at 7 (¶¶ 17-18). 9 Id. at 7 (¶¶ 19-21). 10 See id. at 14 (¶ 55(c)(iii)). NSI labored to repair its computer systems and was unable to perform contract work for its clients, both because of the damage caused to its systems by the cyberattack and because its employees were occupied with repairs.11 In December 2019, NSI requested that Citizens pay for business interruption coverage under the policy.12 Citizens denied coverage.13 After NSI made a subsequent request and
submitted additional information, Citizens again denied coverage.14 The complaint alleges three claims. Count One alleges a claim for breach of contract. Count Two alleges a claim for violation of CUIPA as made actionable under CUTPA. Count Three alleges a claim for breach of the implied covenant of good faith and fair dealing. Citizens moves to dismiss Counts Two and Three of the complaint.15 DISCUSSION When considering a motion to dismiss under Rule 12(b)(6), a court must first accept as true all factual matters alleged in the complaint and draw all reasonable inferences for the plaintiff, see Hernandez v. United States, 939 F.3d 191, 198 (2d Cir. 2019), though it need not
credit bare conclusory statements or “formulaic recitations” of the elements of a cause of action, Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555-56 (2007). Then a court must decide whether the pleaded facts are sufficient to state plausible grounds for relief. See Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). This plausibility requirement is not a probability requirement, but it does demand “more than a sheer possibility that a defendant has acted unlawfully.” Ibid.16
11 Id. at 8 (¶¶ 22-24, 26). 12 Id. at 9 (¶ 30). 13 Id. at 9 (¶ 31). 14 Id. at 9 (¶¶ 32-33). 15 Doc. #12. 16 Unless otherwise indicated, this ruling omits internal quotation marks, alterations, citations, and footnotes in text A. Count Two - CUTPA/CUIPA CUTPA prohibits “unfair or deceptive acts or practices in the conduct of any trade or commerce,” Conn. Gen. Stat. § 42-110b(a), and provides a private right of action for persons injured by such behavior, Conn. Gen. Stat. § 42-110g. CUIPA is a more specialized statute,
taking aim at unfair or deceptive practices specific to the business of insurance. Conn. Gen. Stat. § 38a-815 et seq. While CUIPA does not include a private right of action, it does list 21 separate acts or practices that are statutorily defined as “unfair and deceptive acts or practices in the business of insurance.” Conn. Gen. Stat. § 38a-816. A private plaintiff seeking redress for a violation of CUIPA may allege that the practices defined by CUIPA constitute actionable CUTPA violations. See Artie’s Auto Body, Inc. v. Hartford Fire Ins. Co., 119 A.3d 1139, 1150 (Conn. 2015). Where a plaintiff alleges that an unfair insurance practice under CUIPA also constitutes a CUTPA violation, the failure of the CUIPA claim is fatal to the CUTPA claim. Id. at 1150-51. 1. False Information and False Advertising
NSI invokes CUIPA’s broad prohibition on “[f]alse information and advertising generally,” which is defined to include “placing before the public . . . an advertisement, announcement, or statement containing any assertion, representation or statement with respect to the business of insurance . . . which is untrue, deceptive or misleading.” Conn. Gen. Stat. § 38a- 816(2). NSI alleges that Citizens violated § 38a-816(2) by misrepresenting its data breach and cyber liability coverage as including “Cyber Business interruption and extra expenses incurred
quoted from court decisions. due to a breach,” as well as losses to “finances, reputation, and operational capabilities.”17 NSI further alleges that Citizens put these statements before the public when it used them to advertise “Data breach and cyber liability” insurance on its website.18 The relevant webpage also includes a disclaimer at the bottom with the caveat that: “Coverage may not be available in all
jurisdictions and is subject to the company underwriting guidelines and the issued policy. This material is provided for informational purposes only and does not provide any coverage.”19 The disclaimer is fatal to NSI’s false advertising claim. The disclaimer puts consumers on notice that all coverage decisions are measured against the issued policy, and NSI does not point to any particular language on the webpage that would tend to mislead a reasonable consumer. The Connecticut Supreme Court’s opinion in Nazami v. Patrons Mutual Insurance Co., 910 A.2d 209 (Conn. 2006) is instructive. There, the court considered a certificate of insurance that detailed a policy’s liability limits, expiration date, and exclusions, with the caveat that it was issued “as a matter of information only” and subject to “all the terms, exclusions and conditions” of the policy. Id. at 211. Despite the plaintiff’s claim that the certificate would lead a reasonable
consumer to believe that coverage would last until the expiration date, the court concluded otherwise—the certificate was not misleading in part because its disclaimer stated that it was for information only and subject to the terms and conditions of the policy. Id. at 213-14, 216. Citizens’s webpage is even less likely to deceive or mislead than Nazami’s certificate because while the certificate detailed policy terms and included an expiration date, Citizens’s website offers no specific terms that might lead a consumer to mistake it for an operative policy.
17 Doc. #1-1 at 12 (¶¶ 50-51). 18 Doc. #1-1 at 19, Ex. A (depicting Citizens’s website as of September 11, 2020). 19 Ibid.; Doc. #13 at 8. Rather, it describes only high-level “[c]overage highlights,” and makes no mention of premiums, deductibles, coverage limitations, or dates on which coverage begins or ends.20 Although Nazami dealt with a claim under § 38a-816(1) instead of § 38a-816(2), the two provisions are closely related and prohibit similar false or misleading statements about insurance
policies. Conn. Gen. Stat. § 38a-816(1)-(2). Accordingly, I will grant Citizens’s motion to dismiss as to the CUTPA/CUIPA claim under § 38a-816(2). 2. Unfair Claim Settlement Practices NSI also alleges two types of unfair claim settlement practices under § 38a-816(6)(c)-(d), which cover “failing to adopt and implement reasonable standards for the prompt investigation of claims arising under insurance policies” and “refusing to pay claims without conducting a reasonable investigation based upon all available information.” Conn. Gen. Stat. § 38a- 816(6)(c)-(d).21 Even assuming that NSI has pleaded facts supporting both types of alleged violations in this case, NSI nevertheless fails to state a claim under § 38a-816(6) because it does not adequately allege facts to show that such behavior represents Citizens’s general business
practice. To state a claim under either § 38a-816(6)(C) or § 38a-816(6)(D), a plaintiff must allege that the defendant has engaged in similar unfair or deceptive acts “with such frequency as to indicate a general business practice.” Conn. Gen. Stat. § 38a-816(6); Hartford Roman Catholic Diocesan Corp. v. Interstate Fire & Cas. Co., 905 F.3d 84, 95 (2d Cir. 2018). While there is no particular number of instances necessary to establish a general business practice, a plaintiff must allege more than one act of insurance misconduct. See, e.g., Conn. Mun. Elec. Energy Coop. v.
20 Doc. #1-1 at 19-21 (Ex. A). 21 Doc #1-1 at 11 (¶ 48). Nat’l Union Fire Ins. Co. of Pittsburgh, 2020 WL 6888272, at *4 (D. Conn. 2020); Lees v. Middlesex Ins. Co., 643 A.2d 1282, 1285 (Conn. 1994). Moreover, prior instances of insurance misconduct offered to demonstrate a general business practice must be sufficiently similar to the allegations at issue to support such a
conclusion. See Mazzarella v. Amica Mut. Ins. Co., 774 F. App’x 14, 18 (2d Cir. 2019) (alleged prior misconduct involving merely coverage denial does not support a misconduct claim for general business practice of failure to investigate). “Relevant factors may include: the degree of similarity between the alleged unfair practices in other instances and the practice allegedly harming the plaintiff; the degree of similarity between the insurance policy held by the plaintiff and the policies held by other alleged victims of the defendant's practices; the degree of similarity between claims made under the plaintiff's policy and those made by other alleged victims under their respective policies; and the degree to which the defendant is related to other entities engaging in similar practices.” Belz v. Peerless Ins. Co., 46 F. Supp. 3d 157, 166 (D. Conn. 2014) (citation omitted).
To support its allegation of a general business practice, NSI identifies three consumer complaints against Citizens or its corporate relatives that the State of Connecticut Insurance Department has found to be “justified.”22 But NSI alleges few details that might illuminate how these consumer complaints relate to the conduct at issue in this case. From NSI’s scant allegations, it appears that none of NSI’s examples concern a claim under § 38a-816(6)(C), and only one touches on § 38a-816(6)(D).23 One example appears to deal with delay of coverage or underappraisal following damage to a pool.24 Another example provides no information about
22 Doc. #1-1 at 11-12 (¶ 49). 23 Ibid. 24 Ibid. the policy at issue, other than to note that the Insurance Department found that Citizens’s damage appraisal was “way too low” and mandated additional payment to the insured.25 The final example, touching on § 38a-816(6)(D), includes no policy details but appears to involve a violation stemming from delayed communication and settlement with the insured.26
Even viewing the facts in the light most favorable to NSI, its examples are insufficient to state a claim that Citizens engaged in unfair or deceptive practices so frequently as to constitute a general business practice. See Nautilus Ins. Co. v. CT Painting LLC, 2017 WL 9604616, at *6 (D. Conn. 2017) (discounting case citations offered to show general business practice on the ground that the pleaded cases had insufficiently similar facts, and because one example was 13 years old). Accordingly, I will grant the motion to dismiss as to NSI’s § 38a-816(6) claim. B. Count Three – Breach of the Covenant of Good Faith and Fair Dealing Every contract includes an implied covenant of good faith and fair dealing. “In other words, every contract carries an implied duty requiring that neither party do anything that will injure the right of the other to receive the benefits of the agreement.” Geysen v. Securitas Sec.
Servs. USA, Inc., 142 A.3d 227, 237 (Conn. 2016). “To constitute a breach of the implied covenant of good faith and fair dealing, the acts by which a defendant allegedly impedes the plaintiff’s right to receive benefits that he or she reasonably expected to receive under the contract must have been taken in bad faith.” Id. at 237-38. NSI alleges that Citizens engaged in multiple bad faith acts that were designed to defeat NSI’s rights under the insurance contract. It alleges that Citizens falsely represented that NSI had waived its right to claim business interruption insurance.27 It further alleges that Citizens
25 Ibid. 26 Ibid. 27 Doc. #1-1 at 13 (¶ 55(c)(i)). intentionally misrepresented pertinent policy provisions when it allowed NSI to undertake self- repair work without disclosing that Citizens knew it would consider NSI ineligible for business- interruption coverage if it performed such work.28 Finally, NSI alleges that Citizens engaged in no investigation of its claims whatsoever.29
Taken together, these allegations are enough for initial pleading purposes to support a claim that Citizens acted in bad faith to impede NSI’s rights to the benefits of its insurance policy. Accordingly, I will deny Citizens’s motion to dismiss NSI’s claim for breach of the implied covenant of good faith and fair dealing. CONCLUSION For the reasons stated above, the motion to dismiss is GRANTED with respect to Count Two and DENIED with respect to Count Three. It is so ordered. Dated at New Haven this 17th day of May 2021. /s/ Jeffrey Alker Meyer Jeffrey Alker Meyer United States District Judge
28 Id. at 13-14 (¶ 55(c)(ii)-(iii)). 29 Id. at 13 (¶ 55(b)).