I was hosting a paid Zoom class. I didn’t password-protect it properly. A hacker “Zoombombed” the session, broadcasting graphic pornography and shouting racial slurs at my clients. My clients are traumatized and demanding refunds. One is threatening to sue for “Infliction of Emotional Distress” and “Breach of Privacy” because their names/faces were exposed to the hacker.
Key Takeaways
- Cyber Liability vs. GL: General Liability covers bodily injury. It does not cover emotional distress caused by a hack. You need Cyber Liability.
- “Failure to Secure”: By not using a password/waiting room, you failed to maintain minimum security standards.
- Privacy Breach: If the hacker scraped client names/emails, you have a data breach on your hands.
- Reputational Harm: The biggest loss is your brand. Crisis Management insurance helps pay for the PR cleanup.
The “Why”: The Electronic Data Exclusion
The Trap:
Standard policies exclude “Access or Disclosure of Confidential or Personal Information.”
Since the “Zoombombing” incident involves unauthorized access to your digital class, a standard Personal Trainer policy will likely deny coverage.
You need a “Cyber Liability Endorsement” or a standalone policy.
The Investigation: I Quoted 3 Major Carriers
1. Coalition
- My Analysis: The best for this. They cover “Multimedia Liability” (the offensive content broadcasted) and “Privacy Liability” (the client exposure).
2. The Hartford
- My Analysis: They offer a “Cyber Suite” add-on for small businesses. It’s affordable (~$50/year) and covers data compromise defense.
3. Zoom’s Own Terms
- My Analysis: I read Zoom’s TOS. They disclaim all liability. It is 100% on you, the host, to secure the meeting.
[IMAGE: Screenshot of Zoom security settings: “Enable Waiting Room” checked]
Comparison Table: Cyber Risk for Trainers
| Carrier | Cyber Endorsement? | Privacy Defense? | Cost |
| Coalition | Yes (Standalone) | High | |
| Hartford | Yes (Add-on) | Medium | $ |
| Standard | NO | NO | N/A |
Step-by-Step Action Plan
- Enable Waiting Rooms: Never do a public link.
- Lock the Meeting: Once class starts, hit “Lock Meeting.”
- Cyber Insurance: Add the endorsement to your policy. It’s cheap.
- Apologize Professionally: Refund the class immediately. Do not argue.
FAQ
Can I sue the hacker?
If the FBI catches them. Unlikely.
Is emotional distress covered?
Only if your policy includes “Personal Injury” (not just Bodily Injury) and doesn’t exclude cyber events.
What if I recorded it?
Delete the recording immediately. Distributing it (even accidentally) doubles the liability.