Sunday, May 24, 2026
Insurance

Major Insurance Carrier Refuses $40M Ransomware Payment, Faces Lawsuit from Policyholders

A major cyber insurance carrier is facing lawsuits after refusing to pay a $40 million ransomware demand for a client, citing policy exclusions the client disputes.

Benjamin Grant, Insurance & Risk Reporter

Hartford Financial Services Group is facing a class-action lawsuit from policyholders after refusing to cover a $40 million ransomware payment for a manufacturing company, in a case that could reshape the cyber insurance industry.

Midwest Manufacturing Corp. was hit by a devastating ransomware attack in January that encrypted its production systems, resulting in six weeks of downtime and estimated losses exceeding $150 million. The company held a cyber insurance policy with Hartford that included coverage for ransomware payments up to $50 million.

However, Hartford denied the claim, citing policy exclusions for "failure to maintain reasonable security measures" and "nation-state attacks." The insurer alleges that Midwest had failed to implement multi-factor authentication as required by the policy and that the attack originated from a Russian state-sponsored group, triggering the war exclusion.

"Hartford is attempting to use vague policy language to deny legitimate claims," said plaintiff's attorney Monica Brennan. "The 'reasonable security' requirement was never clearly defined, and attributing attacks to nation-states based on circumstantial evidence allows insurers to deny virtually any sophisticated attack."

Hartford defended its position in a statement: "Our policy terms are clear, and our investigation found that the insured had not met their contractual obligations to maintain adequate security controls. We stand by our coverage decision."

The case has attracted attention from the broader insurance and cybersecurity industries. "This lawsuit could establish important precedents about what security measures policyholders must implement and how nation-state attribution affects coverage," said insurance analyst Katherine Wells of Moody's.

The trial is scheduled for September 2026 in the U.S. District Court for the Northern District of Illinois.

Tags: cyber insurance, ransomware, lawsuit, Hartford, policy exclusions
Benjamin Grant

Insurance & Risk Reporter

Covering cybersecurity news and threat intelligence for CyberNews.wiki.