Today, as reported by Law360, the New York Supreme Court (New York’s trial court) held that two insurers have no duty to defend Sony Corporation in approximately 60 underlying lawsuits filed in connection with the 2011 data breach of Sony’s PlayStation Network.  There is no written opinion available.

Following oral arguments, Judge Oing ruled from the bench that Sony’s liability policies, which provide personal and advertising injury coverage for oral or written publication of material that violates a person’s right to privacy, applies only to actions committed by Sony, as the policyholder, and not to the actions of third-parties who hacked into the network and stole personally identifiable information (PII). Read More

Last week, The Coverage Inkwell discussed a new data breach case, Galaria v. Nationwide Mut. Ins. Co., No. 13-118 (S.D. Ohio Feb. 10, 2014), in which an Ohio federal court held that a slew of allegations in two putative class action lawsuits, including increased risk of identity theft, and out-of-pocket credit monitoring expenses, did not constitute an injury for purposes of standing.  The court also addressed whether the lawsuits alleged viable claims of the tort of invasion of privacy.  This latter issue is now addressed here.

In Galaria, Nationwide Mutual Insurance Company was sued by two putative class actions after it notified class members that data thieves had hacked into its computer systems and stolen class members’ personally identifiable information (PII).  (Id. at 2-3.)  In its notification letter, Nationwide suggested that plaintiffs undertake steps to safeguard their PII, including to monitor their credit reports and bank statements, and it offered them one year of free credit monitoring and identity theft protection through Equifax. (Id. at 2.)  Nationwide also suggested that plaintiffs freeze on their credit reports at their own expense.  (Id.) Read More

A new data breach decision has just come out, Galaria v. Nationwide Mut. Ins. Co., No. 13-118 (S.D. Ohio Feb. 10, 2014).  The decision, a copy of which is attached, involves two putative class action lawsuits alleging increased risk of identity theft as a result of a data breach and theft of personally identifiable information (“PII”).  The issues addressed by the Court are whether such claims allege an injury, and whether they allege a viable claim for invasion of privacy.

Both issues are critical in data breach claims.  Because space afforded here is limited, The Coverage Inkwell will address each issue separately.  This issue focuses on the Court’s discussion of whether allegations of increased risk of identity theft, fraud, and phishing resulting from a data breach constitutes an actual injury to satisfy standing requirements.  The next issue will focus on the Court’s discussion of whether the data breach claim alleged a viable claim for invasion of privacy. Read More