In 2011, hackers breached Sony Corporation’s PlayStation Network, stealing the personal information of millions of users. Sony sought coverage for multiple class actions brought by users, asserting that the resulting claims triggered the “personal and advertising injury” coverage under CGL policies. Representing a global insurer with tens of millions of dollars at stake in this unprecedented case, we argued that CGL coverage did not apply because the data breach did not involve “publication” of material and because the insured had not made any publication. The Supreme Court of New York County agreed that data theft by a third-party is not tantamount to publication and that the CGL form required the insured commit the offense. This ruling is an important bulwark for insurers to differentiate traditional CGL from specialized cyber liability coverage.