Zurich voids Sony data breach claim
Japanese electronics giant Sony has failed to convince a Supreme Court judge that Zurich Financial is liable for costs relating to its massive 2011 data breach.
Zurich Insurance Company and its US subsidiary had sued Sony to have its claim for defence costs and indemnification emanating from around 60 class action suits thrown out.
But in a ruling last month (21 February), New York Judge Jeffrey Oing said Sony was not covered for the breach under its general liability policy.
The class action cases were brought after an infamous cyber attack where hackers stole the personal identification and financial information of 77 million users from Sony's Playstation Network.
Sony had argued that it was covered under a general liability policy despite an exclusion that limited Zurich's liability.
Judge Oing ruled that Zurich was not liable for defence costs because Sony did not readily publicise the stolen data attack.
"This is a case where Sony tried or continued to maintain security for this information. It was to no avail.
Hackers got in, criminally got in. They opened it up and took the information," he said.
"It is written the way it is written," added Oing.
Zurich's US subsidiary wrote a primary general liability policy above a self-insured retention. The named insured is Sony Computer Entertainment America (SCEA).
It also writes an excess layer for Sony Corporation of America (SCA) on a quota share basis that it shares with other insurers.
This sits above the $102mn primary policy issued by Mitsui Sumitomo and separate umbrella policies underwritten by National Union Fire Insurance Company of Pittsburgh (AIG) and Ace.
In the original complaint Zurich said that the activation of the excess layer depended upon the exhaustion of all of the underlying cover, which includes the primary policy it issued to SCEA, the Mitsui primary policy issued to SCA and the umbrella layers written by National Union and Ace.