Sony insurer says it's not liable for breach-related costs
Zurich Insurance wants court to declare it has no obligation to cover Sony claims
Computerworld - One of Sony's insurers has asked a New York court to absolve it of any responsibility for defending or indemnifying Sony against claims arising from the recent data breaches at the company.
In a lawsuit filed Wednesday, Zurich American Insurance Company argued that Sony's insurance policies did not cover liabilities arising from incidents such as data breaches.
Zurich Insurance asked the New York Supreme Court to declare that the insurer had no obligation to defend Sony or to respond to its insurance claims related to the breaches.
The suit comes amid mounting legal claims against Sony over massive data breaches of its PlayStation Network (PSN), the Sony Online Entertainment (SEO) network and the Sony Pictures network. The breaches, first disclosed by Sony in April, resulted in the compromise of account data belonging to close to 100 million users.
In all, more than 12 million active and expired debit and credit cards were compromised in the breaches, including about 5.6 million cards in the U.S.
The breaches have so far led to 55 putative class-action lawsuits being filed against Sony by members of the PSN and SEO network, Zurich said in its lawsuit. Three other lawsuits have been filed against Sony in Canada. In addition, the Attorneys General of several states, the Federal Trade Commission and the the House Subcommittee on Commerce, Manufacturing, and Trade have all said they are investigating the breach, Zurich noted in its complaint.
Sony has said that it expects to spend at least
Sony tendered the complaints and claims to Zurich and has demanded that the insurer defend it against the claims, Zurich said. But the insurer said the commercial general liability insurance policy it has with Sony Computer Entertainment America does not cover damages arising from cyber incidents .
The policy only covers "bodily injury" and "property damage" caused by occurrences other than the kind of cyber attacks Sony experienced, Zurich said.
Zurich also named three other Sony insurers as defendants in its lawsuit. It asked the court to get a clarification from the three companies on what their responsibilities would be in covering Sony's liabilities.
Sony did not immediately respond to a request for comment.
This is not the first time that an insurance company has balked at paying claims resulting from a cyber attack, and it is unlikely to be the last, considering the growing number of companies signing up for such protection.
Last June, the Colorado Casualty Insurance Co., contended that it wasn't responsible for reimbursing the University of Utah for $3.3 million in costs related to a 2008 data breach caused by a third-party service provider.
In that case, Colorado Casualty offered no reasons for its position, which later resulted in a motion for dismissal by the third-party service provider.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
- Amazon.com security slip allowed unlimited password guesses on mobile apps
- Huge turnout at RSA shows hackers are winning
Read more about Legal in Computerworld's Legal Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Legal White Papers | Webcasts