Sony insurer says it's not liable for breach-related costs
Zurich Insurance wants court to declare it has no obligation to cover Sony claims
Computerworld - One of Sony's insurers has asked a New York court to absolve it of any responsibility for defending or indemnifying Sony against claims arising from the recent data breaches at the company.
In a lawsuit filed Wednesday, Zurich American Insurance Company argued that Sony's insurance policies did not cover liabilities arising from incidents such as data breaches.
Zurich Insurance asked the New York Supreme Court to declare that the insurer had no obligation to defend Sony or to respond to its insurance claims related to the breaches.
The suit comes amid mounting legal claims against Sony over massive data breaches of its PlayStation Network (PSN), the Sony Online Entertainment (SEO) network and the Sony Pictures network. The breaches, first disclosed by Sony in April, resulted in the compromise of account data belonging to close to 100 million users.
In all, more than 12 million active and expired debit and credit cards were compromised in the breaches, including about 5.6 million cards in the U.S.
The breaches have so far led to 55 putative class-action lawsuits being filed against Sony by members of the PSN and SEO network, Zurich said in its lawsuit. Three other lawsuits have been filed against Sony in Canada. In addition, the Attorneys General of several states, the Federal Trade Commission and the the House Subcommittee on Commerce, Manufacturing, and Trade have all said they are investigating the breach, Zurich noted in its complaint.
Sony has said that it expects to spend at least
Sony tendered the complaints and claims to Zurich and has demanded that the insurer defend it against the claims, Zurich said. But the insurer said the commercial general liability insurance policy it has with Sony Computer Entertainment America does not cover damages arising from cyber incidents .
The policy only covers "bodily injury" and "property damage" caused by occurrences other than the kind of cyber attacks Sony experienced, Zurich said.
Zurich also named three other Sony insurers as defendants in its lawsuit. It asked the court to get a clarification from the three companies on what their responsibilities would be in covering Sony's liabilities.
Sony did not immediately respond to a request for comment.
This is not the first time that an insurance company has balked at paying claims resulting from a cyber attack, and it is unlikely to be the last, considering the growing number of companies signing up for such protection.
Last June, the Colorado Casualty Insurance Co., contended that it wasn't responsible for reimbursing the University of Utah for $3.3 million in costs related to a 2008 data breach caused by a third-party service provider.
In that case, Colorado Casualty offered no reasons for its position, which later resulted in a motion for dismissal by the third-party service provider.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Healthcare organizations still too lax on security
- Why would Chinese hackers want US hospital patient data?
- About 4.5M face risk of ID theft after hospital network hacked
- Supervalu breach shows why move to smartcards is long overdue
- Grocery stores in multiple states hit by data breach
- Update: Payment cards with chips aren't perfect, so encrypt everything, experts say
- U.S. agencies halt background checks by contractor after cyberattack
- Five unanswered questions about massive Russian hacker database
- Massive Russian hack has researchers scratching their heads
- Russian hackers amass 1.2B stolen Web credentials
Read more about Legal in Computerworld's Legal Topic Center.
- Capabilities You Need in an IP Address Management Solution A mismanaged IP space can cripple an otherwise healthy network. Take a moment to understand what you need in an enterprise-ready IPAM solution.
- IPv6 Fundamentals IPv6 is needed to sustain the growth of the Internet. The transition from IPv4 will require planning and likely some degree of support...
- Optimize IT Performance & Availability: Four Steps to Establish Effective IT Management Baselines More than ever before, your company's ability to grow hinges on IT performance and availability. Download this how-to report on establishing IT baselines,...
- Considerations for Embracing Wireless Monitoring Employee behavior is once again driving major changes for IT departments - this time it's BYOD. This report details three critical steps to...
- Maximizing Availability for the Modern Data Center Check out this information-packed resource center for help in maximizing the availability of your data center - from overcoming challenges to choosing the...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will... All Legal White Papers | Webcasts