The agency that oversees insurance companies facing federal lawsuits to recover millions in losses from cyber attacks

A quasi-state organization has filed a lawsuit against the government to compel insurance companies to pay millions of dollars lost last year due to “wrongful wire transfers” in cybercrimes linked to Dubai, China and other foreign countries.

The lawsuit, filed Tuesday, alleges that Hartford Fire Insurance Co. and HSB Specialty Insurance should cover the stolen money because the policies they offer “specifically” cover cybercrime.

But the insurers pressed ahead and questioned whether the quasi-state agency, known as the Special Deputy Receiver, had failed to follow specific policies and safeguards designed to prevent online theft, according to documents in the lawsuit.

The Tribune revealed in January that $6.85 million was improperly wired after hackers compromised the email account of the agency’s chief financial officer and ordered subordinates to make payments.

When the scheme was discovered in July 2021, two wire transfers, including one targeting $2.1 million to Singapore, were blocked, but about $4 million is still missing, according to the indictment.

The Office of the Special Assistant is a non-profit organization that works with the Gov. JB Pritzker of the Illinois Department of Insurance and exists primarily to protect debtors and insurance companies that are financially challenged or insolvent. The court sued on behalf of the director of the state insurance department because the department works with the receiver.

The fraudsters allegedly tricked employees of the receiver’s office into sending money from the accounts of two auto insurance companies that were closed and controlled by the receiver.

The companies were Affirmative Insurance Co. and Gateway Insurance Co., both of which sold auto insurance. The rest of the Affirmative and Gateway pieces are in what are called “sections.”

The Gateway property lost about $2.1 million, officials said.

The Affirmative estate initially lost $4.7 million, but about $2.9 million has been recovered, according to state officials and a company filing.

Failure to recover those losses could limit the ability to pay creditors, according to a person familiar with the workings of the receiver’s office.

Caron Brookens, a spokeswoman for the Illinois Department of Insurance, said the agency does not comment on pending lawsuits. The department has previously said it has cyberfraud insurance and recovery efforts are underway.

About $4 million that is unaccounted for was lost in five transfers to Bank of China HK Ltd. The transfers started on June 23, 2021, with a wire transfer of $336,364, followed by a second one for the same amount the next day, the case said.

The largest wire transfer that was never traced was for $930,000 to the same bank on July 6, 2021, according to the indictment.

The scheme was discovered on July 15, 2021, one day after a $2.1 million transfer bound for Singapore was stopped. This change was well remembered, as was the Bank of China for $770,500 on July 8.

An internal review of the article revealed that hackers entered the mailbox of Douglas Harrell, the chief financial officer of the receiver, on June 17, 2021, from Dubai. A few days later, the criminals spoofed Harrell’s email address and began sending orders to transfer the money.

When the ninth request came in, the assistant director approached Harrell to question the legitimacy of the request, and officials took steps to stop as many transfers as possible.

The fraudsters may have had Harrell in mind in what was called a “spear phishing attack”. This is when criminals target the top people in a company or organization instead of targeting employees across the company.

The receiver said an internal report showed a “high probability” that Harrell’s “email credentials were compromised via his phone or tablet,” but how the fraud scheme began is difficult to determine.

Harrell stayed with the receiver for months after the cyber attack to help deal with the issue and offered to resign and leave the agency. He had no comment Friday about the lawsuit.

But in an interview last December, Harrell said the COVID policies hindered office workers and prevented face-to-face communication that would have prevented fraudulent activities.

“They controlled my email and gave me tips,” Harrell said of the cybercriminals. “My people thought I was leading them to invest in a certain way” – and that his bosses approved of what he was doing, he said.

Harrell said he noticed the error “immediately” and “called everyone within two minutes” to discuss the matter with senior officials, including technical officials and lawyers.

The Hartford, in response to the insurers it contracted before the lawsuit was filed, wrote a letter to the Office of the Special Deputy Receiver that the wire transfer requests were “highly questionable” and violated financial regulations.

Additionally, The Hartford letter stated that following the policy “would have prevented the loss.”

Hartford’s response also noted that the receiver’s investigation determined that the transfer violated the rules governing money transfers that can be made without written authorization and “prohibiting refunds of a type identified in fraud.”

“However, due to oversight, errors and what appears to be a disregard for … policies and procedures” by agency staff, Hartford’s letter said, “the superintendent’s office completed the transfer by fraudulent individuals.”

Employees who “made the transfer indicated that they understood that the transfer was made to support funds that they suspected or knew to be in violation” of the organization’s policies and procedures but moved the money, the Hartford letter said.

Buckle Corp. of Jersey City, New Jersey, purchased the charter of the Gateway Insurance Co. for $4.2 million in 2020 through court-supervised sales in Cook County, according to Marty Young, Buckle’s co-founder and CEO.

The new company did not take over the assets or liabilities of the Gateway estate, and formed the new company.

As of its report on September 30, the company’s officials said that, Gateway Insurance Co.

Only about 100 of the old company’s customers are among the new company’s current customers, according to Buckle.

rlong@chicagotribune.com