When hackers first breached the Sony Corporation in 2011, they obtained the personal information of millions of Sony customers. Not surprisingly, this resulted in numerous class action lawsuits.
Sony sought coverage from its insurance carriers, including Zurich. Zurich argued that it had no duty to defend or indemnify Sony because the provision under which Sony sought coverage applied only to publications by Sony , not to breaches by a third-party hacker. The New York trial court agreed.
Last week , Sony and Zurich settled the case. That settlement has deprived the Appellate Division of the chance to rule on one of 2015's most watched appellate cases.
Sony thought it had coverage under its general liability policy for the "oral or written publication, in any manner, of material that violates a person's right of privacy". In seeking a declaration from the court, the insurers argued that coverage is limited to acts committed by Sony , as the insured, and not by third-parties . The court agreed with Zurich 's argument and held that coverage was available only to the extent. Sony was responsible for the publication.
According to the court,the provision did not apply when the hackers, not Sony, were responsible for the publication. In essence , the Judge refused to extend the Commercial General Liability (CGL) policy to cov er the criminal actions of hackers.
As electronic data risks expand and insurers fight to limit or exclude coverage, understanding your insurance policy , its exclusions and endorsements has never been more critical.