Computerworld - One of Sony's insurers has asked a New York court to absolve it of any responsibility for defending or indemnifying Sony against claims arising from the recent data breaches at the company.
In a lawsuit filed Wednesday, Zurich American Insurance Company argued that Sony's insurance policies did not cover liabilities arising from incidents such as data breaches.
Zurich Insurance asked the New York Supreme Court to declare that the insurer had no obligation to defend Sony or to respond to its insurance claims related to the breaches.
The suit comes amid mounting legal claims against Sony over massive data breaches of its PlayStation Network (PSN), the Sony Online Entertainment (SEO) network and the Sony Pictures network. The breaches, first disclosed by Sony in April, resulted in the compromise of account data belonging to close to 100 million users.
In all, more than 12 million active and expired debit and credit cards were compromised in the breaches, including about 5.6 million cards in the U.S.
The breaches have so far led to 55 putative class-action lawsuits being filed against Sony by members of the PSN and SEO network, Zurich said in its lawsuit. Three other lawsuits have been filed against Sony in Canada. In addition, the Attorneys General of several states, the Federal Trade Commission and the the House Subcommittee on Commerce, Manufacturing, and Trade have all said they are investigating the breach, Zurich noted in its complaint.
Sony has said that it expects to spend at least
Sony tendered the complaints and claims to Zurich and has demanded that the insurer defend it against the claims, Zurich said. But the insurer said the commercial general liability insurance policy it has with Sony Computer Entertainment America does not cover damages arising from cyber incidents .
The policy only covers "bodily injury" and "property damage" caused by occurrences other than the kind of cyber attacks Sony experienced, Zurich said.
Zurich also named three other Sony insurers as defendants in its lawsuit. It asked the court to get a clarification from the three companies on what their responsibilities would be in covering Sony's liabilities.
Sony did not immediately respond to a request for comment.
This is not the first time that an insurance company has balked at paying claims resulting from a cyber attack, and it is unlikely to be the last, considering the growing number of companies signing up for such protection.
Last June, the Colorado Casualty Insurance Co., contended that it wasn't responsible for reimbursing the University of Utah for $3.3 million in costs related to a 2008 data breach caused by a third-party service provider.
In that case, Colorado Casualty offered no reasons for its position, which later resulted in a motion for dismissal by the third-party service provider.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at 
@jaivijayan or subscribe to Jaikumar's RSS feed 
. His e-mail address is jvijayan@computerworld.com.
Read more about Legal in Computerworld's Legal Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
