Login Register Subscribe
Current Issue

PlayStation hacking settlement a missed opportunity

Reprints

Sony Corp. of America and Zurich American Insurance Co.'s settlement of their litigation in connection with the 2011 hacking of Sony's PlayStation Network represents a missed opportunity for a ruling that commercial general liability policies cover cyber risks — but with the increasing popularity of cyber insurance policies, it may be a relatively moot issue, policyholder attorneys say.

Terms of the settlement, which was conveyed by attorneys in the case to New York Supreme Court Justice Jeffrey K. Oing last week, have not been released.

In February 2014, Judge Oing said in a bench ruling that Zurich American was not obligated to cover Sony for litigation in connection with the 2011 hacking of its PlayStation Network.

Zurich American and Zurich Insurance Group Ltd., among other insurers, had filed suit against New York-based Sony in New York State Supreme Court in Manhattan in 2011, stating they were not obligated to “defend and potentially indemnify” Sony from class action lawsuits, miscellaneous claims and possible investigations by state attorneys general related to the hacking attack on its networks.

A Zurich spokeswoman had no further comment beyond confirming a settlement had been reached. Sony did not respond to a request for comment.

The settlement is disappointing “because we're obviously looking to have that trial court decision overturned, and that is not going to happen given the recent settlement announcement,” said Joshua Gold, a shareholder with Anderson Kill P.C. in New York.

He added, “I can only assume that Sony is now getting some money in exchange for withdrawing an appeal, and I guess that is somewhat of a good sign for policyholders, if that assumption is correct,” Mr. Gold said.

Furthermore, “Obviously, the insurance companies did not feel certain that their victory at the trial court was going to continue” with the appeal, or they would not have settled, Mr. Gold said.

It means policyholders need to examine all of their potentially applicable policies, including their CGL insurance, with respect to cyber coverage issues “because the potential for insurance coverage remains there,” Mr. Gold said.

However, “The trial court opinion was an outlier from the perspective of interpreting the language at issue and applying it in the context of the data breach event that Sony experienced,” said Linda D. Kornfeld, a partner at Kasowitz Benson Torres & Friedman L.L.P. in Los Angeles.

“As we progress down the road of insurance coverage battles for data breach events, the general liability coverage is becoming less of a focus and the attention is turning more significantly to the specialty or specific data breach coverages,” Ms. Kornfeld said.

“Even if the appellate court had ruled and upheld the trial court's decision, given that there are not a significant number of cases presently pending addressing data breach coverage under CGL policies,” it “still might not have had much impact,” she said.