Feeds

Sony insurer says it's not liable for costs of data breach

Sues game maker for saying otherwise

The Power of One eBook: Top reasons to choose HP BladeSystem

Sony has been sued by its insurance company, which says the policy it issued doesn't cover a series of high-profile security breaches that exposed personal information associated with more than 100 million accounts.

A complaint filed Wednesday by the Zurich American Insurance Company (ZAIC) and the Zurich Insurance Company said the breaches have generated at least 55 class-action complaints against Sony in the US and three in Canada. Additionally Sony has been subject of investigations conducted by one or more state attorney general's offices, the US Federal Trade Commission, and the House Subcommittee on Commerce, Manufacturing, and Trade relating to the unauthorized access of its customers' data.

Sony has said more than 100 million accounts were affected and estimated the cost at $171 million.

The biggest of the breaches stemmed from an April hack attack on its PlayStation Network, which exposed names, addresses, email addresses, passwords, and other sensitive data for 77 million accounts. An attack on Sony Online Entertainment, the company's computer games service, breached the security of another 25 million accounts. Two months later, hackers gained unauthorized access to 50,000 more accounts created on the Sony Pictures website.

According to the complaint, Sony tendered the complaints and claims to Zurich and has demanded that the insurer defend it against the claims. It goes on to say ZAIC isn't obligated to cover the costs because Sony's insurance policy insures only against legal claims for "bodily injury", "property damage", and "personal and advertising injury".

"ZAIC therefore has no obligation to defend or indemnify the Sony defendants under the ZAIC Excess Policy for the claims asserted in the class action complaints or the miscellaneous claims," the complaint, filed in the Supreme Court of New York County, stated. It seeks a court ruling that none of the hack attacks qualify for coverage.

A PDF of the document is here. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.