Sony's Insurer Says It Shouldn't Have To Pay For Cost Of PlayStation Network Hack

from the sony-swims-alone dept

Fri, Jul 22nd 2011 3:28pm — Mike Masnick

Butcherer79 points to even more problems for Sony in the aftermath of the massive hacking of the PlayStation Network. It seems that Sony was expecting its insurance provider, Zurich American Insurance, to cover any costs. Zurich American Insurance apparently has other ideas:

Zurich American Insurance has now gone to court in New York seeking a declaration that it does not have to help Sony with current or future legal action related to the data breach.

Legal papers filed by Zurich reveal that 55 separate class action lawsuits are pending in the US because of the breach.

Sony has indicated that it expected Zurich to cover any such fees, but Zurich is saying no way, no how. Apparently, Zurich says that its contract with Sony doesn't even cover the parts of the business that were hacked, and other clauses in the deal show that this isn't Zurich's problem at all.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hack, insurance, lawsuits, playstation, playstation network
Companies: sony, zurich american insurance

31 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

The eejit (profile), 22 Jul 2011 @ 3:03pm

A big win for, um, errr, um....I'll get back to you on that one.
[ link to this | view in chronology ]
- Donnicton, 22 Jul 2011 @ 3:33pm
  
  Re:
  The Recording Industry.
  [ link to this | view in chronology ]
out_of_the_blue, 22 Jul 2011 @ 3:40pm

Techdirt take: But, users still /have/ their "stolen" identities!
And I've no sympathy for game players. No one to root for, and I've despised Sony since it moved manufacturing to China and cheapened products, so I'll just hope they bear the brunt.

By the way, wrangling over liability is STANDARD technique to avoid paying out promptly: they put money in interest-bearing escrow accounts and minimize losses, while hedging risks through other insurance underwriters.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Jul 2011 @ 3:58pm
  
  Re: Techdirt take: But, users still /have/ their "stolen" identities!
  Uh...users do still have their stolen identities. In fact, I swear TechDirt has commented how the whole "stolen identities" thing is a complete misnomer.
  [ link to this | view in chronology ]
  - Chargone (profile), 22 Jul 2011 @ 6:22pm
    
    Re: Re: Techdirt take: But, users still /have/ their "stolen" identities!
    i'm pretty sure that line comes fairly directly from that commentry, actually. (or at least it seems to be based on the comedy skit where the guy's trying to get the bank to admit that it was robbed, not him.)
    [ link to this | view in chronology ]
  - A Dan (profile), 25 Jul 2011 @ 8:04am
    
    Re: Re: Techdirt take: But, users still /have/ their "stolen" identities!
    http://www.techdirt.com/articles/20090818/1500525914.shtml
    http://www.techdirt.com/articles/2009091 0/0331426151.shtml
    [ link to this | view in chronology ]
- :Lobo Santo (profile), 22 Jul 2011 @ 4:01pm
  
  Re: Techdirt take: But, users still /have/ their "stolen" identities!
  Not bad! Your semi-logical statement almost makes since--except an identity is provably made less valuable by sharing; it is the exact opposite of an infinitely distributable good. (To cite precedence: see SSN 078-05-1120)
  
  You get a B+ on your trolling.
  Try a little harder and that could be an A.
  [ link to this | view in chronology ]
  - crade (profile), 25 Jul 2011 @ 8:04am
    
    Re: Re: Techdirt take: But, users still /have/ their "stolen" identities!
    There is only 1 "identity", it isn't copied or stolen, thats just a euphamism for someone who is pretending to be you. It's more a form of fraud than copying or stealing.
    [ link to this | view in chronology ]
- Anonymous Coward, 22 Jul 2011 @ 5:34pm
  
  Re: Techdirt take: But, users still /have/ their "stolen" identities!
  Yes, 'identity theft' is a technically inaccurate colloquialism. I assume from your exclamation point that you felt you'd get some resistance on this point?
  
  No sympathy for game players? That's a little... callous to say the least.
  
  No arguments on the liability wrangling. Writing a huge check is obviously worse than taking a gamble on only having a write a much smaller check for your lawyers. Also not sure if or why you'd expect to get resistance on that either.
  [ link to this | view in chronology ]
- Anonymous Coward, 26 Jul 2011 @ 12:35am
  
  Re: Techdirt take: But, users still /have/ their "stolen" identities!
  Me too. Most gamers had no sympathy when Other OS was disabled so they can suck it as far as I'm concerned. If they go out of their way to ridicule hackers, why should I care what happens to them?
  [ link to this | view in chronology ]
Mike42 (profile), 22 Jul 2011 @ 3:48pm

We're covered!
Wow, now we know why Sony's execs were so smug when hackers had taken the network down. I'd love to have been a fly on the wall when Zurich showed them that the damages weren't covered.
I worked at an extended warrantee company, and I've had to tell people that repairs weren't covered. This would be the one time that I would enjoy it.
[ link to this | view in chronology ]
Mr. Smarta**, 22 Jul 2011 @ 3:58pm

Easy answer.
[ link to this | view in chronology ]
Mr. Smarta**, 22 Jul 2011 @ 4:01pm

Easy answer.
Two words... 'Government bailout' or 'Internet Tax'. They'll lobby Congress, who will see their plight and of course bend over backwards (or forwards) to help Sony out. Because don't you know those 55 lawsuits will, in total, equal $0.55 for each user for damages. One little 1% tax on all e-mail, internet connections, and $0.10 for each CD because "everyone is a thief" should about cover their losses, get them back on the horse, and give each executive $1billion bonuses each year for the next few years. No problem.
[ link to this | view in chronology ]
Anonymous Coward, 22 Jul 2011 @ 4:05pm

It seems like Sony
cut corners on both security and insurance. Someone needs to be h(f)ired to clean this mess up. Mr. Murdoch?
[ link to this | view in chronology ]
Anonymous Coward, 22 Jul 2011 @ 4:23pm

Risk Management, apparently Sony has none.
[ link to this | view in chronology ]
PopeRatzo (profile), 22 Jul 2011 @ 4:35pm

I'll accept that
I'm inclined to agree with the insurance company?

Why should they have to pay for the damages of Sony having it's PSN hacked? Isn't there some exception in insurance contracts if the party had it coming?
[ link to this | view in chronology ]
- Ilfar, 22 Jul 2011 @ 5:08pm
  
  Re: I'll accept that
  If my vehicle is stolen after I repeatedly pulled out in front of everyone at intersections, ran others off the road, and parked in disabled spaces, my insurance will still pay out so long as it's registered, warranted, and was parked legally at the time. If Sony can demonstrate they took appropriate steps to minimise the risk of something like this happening, then no matter what they did wrong it should still pay out. Of course, if I left my vehicle unlocked and it got stolen...
  
  This is all predicated on the event in question being covered. I wouldn't get far on that claim if I only had third party insurance.
  [ link to this | view in chronology ]
  - Atkray (profile), 22 Jul 2011 @ 5:58pm
    
    Re: Re: I'll accept that
    Even with comprehensive coverage they won't cover it if you leave it running with the keys in it.
    
    If you only have have liability coverage and it is stolen they won't cover it at all.
    
    Most of the so called "Hacks" were results of Sony failing to to implement basic security procedures to secure their networks, much like locking the door on the car you left running but leaving the window rolled down.
    
    This is Sony's mess they failed to take reasonable precautions.
    [ link to this | view in chronology ]
  - Manabi (profile), 22 Jul 2011 @ 6:42pm
    
    Re: Re: I'll accept that
    
    If Sony can demonstrate they took appropriate steps to minimise the risk of something like this happening, then no matter what they did wrong it should still pay out. Of course, if I left my vehicle unlocked and it got stolen...
    
    And there's the key, there were reports that Sony wasn't keeping their servers patched and up-to-date. I also seem to remember Sony admitting they hadn't applied an update in some of their ecommerce software and that was part of how they attackers got in. If that's true, then the insurance company may have an out, because Sony wasn't following standard security practices and essentially, from a legal standpoint, were asking for it.
    [ link to this | view in chronology ]
    - That Anonymous Coward, 22 Jul 2011 @ 9:51pm
      
      Re: Re: Re: I'll accept that
      Given the sheer number of intrusions into Sony held websites and the pile of material taken.... I think it is safe to say they were not following any security practices.
      [ link to this | view in chronology ]
    - node (profile), 23 Jul 2011 @ 2:21am
      
      Re: Re: Re: I'll accept that
      http://pro.sony.com/bbsc/jsp/forms/generateCaptcha.jsp
      
      This is the captcha on th pro.sony.com site.
      It is not a jpg, but just html/css with a jscript disabling the right mouse button. Of course even with the right mouse button disabled you can still view the source code.
      
      I think this says it all about Sony security practices...
      [ link to this | view in chronology ]
      - Troy, 25 Jul 2011 @ 3:08am
        
        Re: Re: Re: Re: I'll accept that
        Why would a person need to look at the source code.
        
        Spare a thought for the poor bot that doesn't *have* a right mouse button to click and look at the source... snap.
        [ link to this | view in chronology ]
Anonymous Coward, 22 Jul 2011 @ 4:41pm

Wouldn't it depend on the terms of their insurance policy?
[ link to this | view in chronology ]
- Rich Fiscus (profile), 23 Jul 2011 @ 1:43pm
  
  Re:
  Yes. And it's worth noting that insurance companies routinely attempt to get out of paying big claims regardless of whether they are legitimate or not.
  [ link to this | view in chronology ]
  - Anonymous Coward, 23 Jul 2011 @ 11:31pm
    
    Re: Re: Get Out Of Paying
    Yup. Standard procedure. Any insurance company will always attempt to welsh on its obligations, unless it has no hope of winning the court case. Trying to get an insurance company to pay up, immediately puts you up against trained experts in not paying. Those experts usually win.
    
    Any time you might want to pay an insurance premium, ask yourself, "Am I actually buying any cover at all?" Very often, the answer is "no". Insurance companies always turn hostile come payout time. Do you really want to pay someone who is guaranteed to be hostile if you ever really need them?
    [ link to this | view in chronology ]
    - David Muir (profile), 24 Jul 2011 @ 8:47pm
      
      Re: Re: Re: Get Out Of Paying
      I've noticed a few comments on TD lately that use blanket statements to describe groups of people.
      
      - All police officers are corrupt thugs.
      
      - All insurance companies will be hostile if you make a claim.
      
      - All (insert profession here -- like lawyer or real estate agent) are thieves and liars.
      
      There are valid reasons why people have these impressions. But it is a shame that a few members of the various groups have tarnished group reputations to such a degree that otherwise highly intelligent people stoop to such broad-brush characterizations.
      
      I have been helped by cops and lawyers. I have made more than one claim to insurance companies and never had anything but polite and friendly assistance -- and no argument about payout.
      [ link to this | view in chronology ]
AW (profile), 22 Jul 2011 @ 7:23pm

Dear Sony...
This is what happens when douche lawyers do douchey things to you. This is how people that used to be your fans have felt by your strong arm tactics and refusal to allow us to do anything more than rent your equipment and carry all the costs associated with ownership.

If you were a company of integrity you would care far more about the users injured by your neglectful actions than the costs associated with doing business, but you've finger pointed, blamed everyone but yourself for the ills that have befallen you. If the situation were reversed, you would gleefully be telling the other party that they should have found that clause discounting that particular part of the product from the insurance/warranty program. I would hope this would be a teaching moment, one where you realize how much your users mean to you and cause a change in the way your corporation associates with and views your clients and end users. Based upon your past actions, this looks unlikely and seems that it would only escalated the douchiness that your company now possesses.

Wishing you the best in future network security, for your users sake.

AW
[ link to this | view in chronology ]
G Thompson (profile), 22 Jul 2011 @ 9:58pm

This is because it was a force anonymes attack

Muwahahahahaha
[ link to this | view in chronology ]
Anonymous Coward, 23 Jul 2011 @ 3:13am

I've got to agree with the insurers
Sony did the equivalent of parking their car in the worst neighborhood in town, leaving it unlocked, with the keys in the ignition, the engine running, the windows rolled down, and bags of twenties visible on the back seat. They were completely, utterly, thoroughly negligent, having made NO credible attempt of any kind to secure their operation(s). They, and they alone, should pay all costs, including litigation and settlement. There's no need for any insurer to cover this kind of obvious and pervasive stupidity.

I'm sure if they're a little short on cash that they can just empty the accounts of their Cxx-level executives (who are personally responsible for this) or sell off a few of their extra homes, luxury cars, stock accounts, etc. There's plenty of money there.
[ link to this | view in chronology ]
David Good (profile), 25 Jul 2011 @ 9:34am

It's not clear to me, did Sony expect their insurer to cover losses or penalties related to them being sued in the aftermath of the hacking? Or was Sony expecting the insurer to pay for the system upgrades to fix the security holes that was Sony's fault? Or did they expect Zurich to pay for their income loss for the month they had the network offline?
[ link to this | view in chronology ]
- DH's Love Child (profile), 25 Jul 2011 @ 12:33pm
  
  Re:
  I believe the correct answer to this is Yes.
  [ link to this | view in chronology ]