PlayStation hacking settlement a missed opportunity

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.businessinsurance.com/article/20150505/NEWS06/150509931

Sony Corp. of America and Zurich American Insurance Co.’s settlement of
their litigation in connection with the 2011 hacking of Sony’s PlayStation
Network represents a missed opportunity for a ruling that commercial
general liability policies cover cyber risks — but with the increasing
popularity of cyber insurance policies, it may be a relatively moot issue,
policyholder attorneys say.

Terms of the settlement, which was conveyed by attorneys in the case to New
York Supreme Court Justice Jeffrey K. Oing last week, have not been
released.

In February 2014, Judge Oing said in a bench ruling that Zurich American
was not obligated to cover Sony for litigation in connection with the 2011
hacking of its PlayStation Network.

Zurich American and Zurich Insurance Group Ltd., among other insurers, had
filed suit against New York-based Sony in New York State Supreme Court in
Manhattan in 2011, stating they were not obligated to “defend and
potentially indemnify” Sony from class action lawsuits, miscellaneous
claims and possible investigations by state attorneys general related to
the hacking attack on its networks.

A Zurich spokeswoman had no further comment beyond confirming a settlement
had been reached. Sony did not respond to a request for comment.

The settlement is disappointing “because we’re obviously looking to have
that trial court decision overturned, and that is not going to happen given
the recent settlement announcement,” said Joshua Gold, a shareholder with
Anderson Kill P.C. in New York.

He added, “I can only assume that Sony is now getting some money in
exchange for withdrawing an appeal, and I guess that is somewhat of a good
sign for policyholders, if that assumption is correct,” Mr. Gold said.

Furthermore, “Obviously, the insurance companies did not feel certain that
their victory at the trial court was going to continue” with the appeal, or
they would not have settled, Mr. Gold said.

It means policyholders need to examine all of their potentially applicable
policies, including their CGL insurance, with respect to cyber coverage
issues “because the potential for insurance coverage remains there,” Mr.
Gold said.

However, “The trial court opinion was an outlier from the perspective of
interpreting the language at issue and applying it in the context of the
data breach event that Sony experienced,” said Linda D. Kornfeld, a partner
at Kasowitz Benson Torres & Friedman L.L.P. in Los Angeles.

“As we progress down the road of insurance coverage battles for data breach
events, the general liability coverage is becoming less of a focus and the
attention is turning more significantly to the specialty or specific data
breach coverages,” Ms. Kornfeld said.

“Even if the appellate court had ruled and upheld the trial court’s
decision, given that there are not a significant number of cases presently
pending addressing data breach coverage under CGL policies,” it “still
might not have had much impact,” she said.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!