Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Networking Security Sony The Courts The Internet United States News Your Rights Online

Sony Sued For PlayStation Network Data Breach 404

Posted by samzenpus
from the lick-em-while-their-down dept.
suraj.sun writes "Like clockwork, the first lawsuit resulting from the security breach of the personal data of more than 75 million Sony PlayStation Network customers has been filed. The suit was filed today on behalf of Kristopher Johns, 36, of Birmingham, Ala., in the US District Court for the Northern District of California. Johns accuses Sony of not taking 'reasonable care to protect, encrypt, and secure the private and sensitive data of its users.' He also believes Sony took too long to notify him and other customers that their personal information had been exposed. Because of that, the complaint alleges, Sony did not allow its customers 'to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions.'"
This discussion has been archived. No new comments can be posted.

Sony Sued For PlayStation Network Data Breach

Comments Filter:
  • by Anonymous Coward

    the great battle of our time...

  • He got notified? (Score:5, Insightful)

    by FSWKU (551325) on Wednesday April 27, 2011 @06:43PM (#35958712)
    I still have yet to hear a single word out of Sony. Had I not seen the Playstation Blog post, I would have known NOTHING about the severity of this issue until it hit all the major news outlets.

    Sadly, I know how this is going to turn out. There will be a class-action suit in which Sony is fined heavily. But the vast majority of the money will go to some shark lawyer, and the only thing the people affected by this will receive is a free 1-month subscription to PSN+. Actually, I'll be surprised if they even give us that much.

    If this DOES go class-action, I will definitely be on the lookout for my notice to opt out. If I see any erroneous charges on my card stemming from this massive amount of incompetence, I want to retain my full legal right to bring my own suit against Sony where they will be required to provide me with credit monitoring and credit fraud protection. I'm sorry, but a boilerplate "we're sorry" and some token gesture are NOT going to cut it here.
    • by Labcoat Samurai (1517479) on Wednesday April 27, 2011 @06:46PM (#35958734)

      I still have yet to hear a single word out of Sony. Had I not seen the Playstation Blog post, I would have known NOTHING about the severity of this issue until it hit all the major news outlets.

      Indeed. On the blog, I noticed some apologist in the comment section trying to defend Sony by saying that it takes a long time to send 77 million emails. Tell that to a spammer, I thought.

    • Re:He got notified? (Score:4, Interesting)

      by Bios_Hakr (68586) <xptical AT gmail DOT com> on Wednesday April 27, 2011 @06:54PM (#35958798) Homepage

      Definitely. I'd love to see Sony deal with 77M suits in small-claims court.

      At $500 per suit, that would be something like $38B.

      • by FSWKU (551325)
        Don't forget the legal fees incurred (both from Sony's lawyers AND having to pay the legal fees for every claim they lose).
      • by Nerdfest (867930)
        Isn't that effectively what they did to Lik Sang?
    • by Destoo (530123)

      I've just received my notice. What took time was the translation/localization to french, probably.

      It's still unacceptable, but at least I received it.

      • Apparently that doesn't take as long as the U.S. localization and translation into English required for mine, which has still not materialized.

      • by vegiVamp (518171)

        Heh. Just got the Dutch notification, too. It says data was 'compressed' and more crap like that. Seems they can't even be bothered to get proper translators.

    • Check your inbox. My friend literally just got an e-mail from Sony about this.
      • by FSWKU (551325)
        I just now got the notification in my email (literally about 30 seconds ago). This was on the Playstation Blog WELL over 24 hours ago, and I'm only just now getting a notification (which states the exact same thing). There is no excuse for taking this long.
      • Dear Mr. Anonymous Coward,

        We at Sony are deeply sorry for the worry and risk to your financial security we have caused. We are committed to fix our errors and making financial settlements. Please click on the link below and provide your bank account number so that we may deposit the amount of $11,000.

        http://stupidpsnusers.russianmafia.ru/stealyourbankinginfo.php [russianmafia.ru]

      • by sjames (1099)

        Hello, this is Somy Nigerian ofice. Please provide us with your banking details so you can receive you compensation. Don't beliv other claims we're the reel somy.

    • I got this e-mail from Sony [playstation.com] this morning. A little late, perhaps? <sarcasm>

      Though here's a question: How many other companies have the backbone to own up quite so readily, instead of trying to cover it up to save face?

      Don't get me wrong, I'm not trying to defend Sony (after all, it seems thay they're finally getting help to make their system more secure, implying that their efforts were not solid enough to start with). But what I am saying is that I generally don't trust businesses to keep secure pe

  • It takes time to find out what has been compromised. The hacker won't just come out and say "All your base are belong to us" Sony told us when they found out. If they did say that there is a possibility on day one that it may be compromised then there would be a lot of hectic and closing bank accounts on an hunch. If nothing had been compromised and they told us it may be (on day one) then people would be mad and still sued Sony for misleading them. Crap happens, suing doesn't make it better. Plus nobody sa
  • by cultiv8 (1660093) on Wednesday April 27, 2011 @06:48PM (#35958742) Homepage
    46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4
    • by shish (588640) on Wednesday April 27, 2011 @07:34PM (#35959060) Homepage
      If those are the grid references for the different pieces of Sony's battleship, I'm surprised it can float in the first place o_O
    • 46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4

      I intend to be elsewhere when the 70 million PSN account holders get a real live geek within their sights.

      It is not going to be pretty.

      Not to mention the money and firepower backing up those who sell products and services through PSN -

      and the banks who finance and service the transactions. They too will be out for blood.

  • DRM anyone? (Score:5, Insightful)

    by lasinge (1009929) on Wednesday April 27, 2011 @06:51PM (#35958780)
    It's funny how Sony works so hard to protect their data and content via all their DRM attempts, when it's their customer's - not so much. On the other hand, they now have something to point to when people want to run whatever OS they want to run on their machines. Still, they can't stop it, they should focus on keeping their customer's credit card info out of harm's way (remind me why they need to keep persistent credit card data anyway? That should be an opt in only type of thing, with a required expiration date otherwise.) On a related note, when I set up a new account at my bank they only allow alpha-numerics with no special characters. WTF? Try to explain rainbow tables to a bank representative. So I used all of them ... I had the longest password she had ever seen.
  • Well... (Score:5, Interesting)

    by Anonymous Coward on Wednesday April 27, 2011 @06:51PM (#35958782)

    Actually I just got a notifaction from Sony abou this today.
    And According to this http://vgn365.com/2011/04/26/psn-users-reporting-hundred-of-dollars-stolen-from-them/
    The CC's are already in the wild.
    I know Visa is aware of the issue. They have reissued me a new card based on this information.
    So yea it could go somewere

  • by artor3 (1344997) on Wednesday April 27, 2011 @06:59PM (#35958846)

    Our wonderful, conservative-activist Supreme Court just ruled today that any company may stick a line in their EULA stating that by using their product, you forfeit the right to sue, and must instead use a private arbiter of the corporation's choice. They based this decision on a 90 year old law that was written to cover maritime shipping disputes.

    Of course, since most contracts these days state that the corporation has the right to change the terms at any time without notice, this basically means that you can no longer sue a company that you've entered into a contract with.

    Still think you have rights? Not as long as a Republican holds office!

    • Re: (Score:2, Informative)

      by fermat1313 (927331)

      Um, you completely don't understand this. Arbitration is a long-standing method of settling a dispute between parties. It is extremely common in Professional Services engagement agreements, and it is also very common in other service agreements. I'm quite sure almost every agreement you sign for internet, phone, electricity, cable TV, etc also includes arbitration language.

      Arbitration is a good thing. It allows small matters to be handled quickly, less expensively, and without mucking up our already c

      • by PRMan (959735) on Wednesday April 27, 2011 @08:19PM (#35959292)
        Techdirt [techdirt.com] just found that 96% of awards in business vs consumer arbitration go to the business. Still stand by your statement?
        • Re: (Score:2, Informative)

          by raehl (609729)

          If by "go to the business" you mean the customer was charged $30.22 extra, and the business offered $30.22 credit, and the customer wanted arbitration, and the arbitrator decided on $30.22, then yes, I stand by his statement.

      • by cptdondo (59460)

        Arbitration works well between equals, or those who have equal exposure, and in highly technical disputes like proifessional services where a jury of one's peers would be hard to find.

        That relationship does not hold for an individual customer against a company that is larger than most nations, and controls vast resources.

    • Re: (Score:3, Informative)

      by lenroc (632180)

      Our wonderful, conservative-activist Supreme Court just ruled today that any company may stick a line in their EULA stating that by using their product, you forfeit the right to sue, and must instead use a private arbiter of the corporation's choice.

      Not true, actually. They ruled [npr.org] that customers that have signed a contract with a clause to that effect are bound to it. AFAIK, there is no settled case law saying that a shrinkwrap EULA is equivalent to a valid, signed contract.

    • by xMrFishx (1956084)
      EULAs don't trump consumer laws, especially in europe. You don't have a signature on a EULA, they don't mean jack shit over here. The ICO (information comissioner's office) - responsible for the data protection laws in the UK is already looking into this.
  • by Mad Leper (670146) on Wednesday April 27, 2011 @07:12PM (#35958936)

    Hmm, something not right here.

    PSN is free, so it's hard to imagine how anyone is entitled to any compensation there unless it's through a goodwill gesture by Sony (which they definitely should do).
    No proof yet any credit cards have actually been compromised. And before you all get puffy and worked up, literally, NO PROOF of any CC problems that can be linked to the PSN breach have been proven (yet).
    There's no way the banks would allow Sony to have access to CC accounts without being regularly audited, never heard of any problems there. So I would think it's safe to assume they've been following safe business practices or else we would have heard something by now.
    According to latest reports, Sony reported the possibility of account & CC details being compromised a little over a day after they found out. Difficult to claim that's an egregious length of time given the circumstances.

    With all that plus the fact that it's common knowledge that Sony has been repeatedly targeted by hackers and thieves out of revenge for Sony having the audacity to protect their network and customers, this lawsuit is going to have a very difficult time making any headway.

      So what is exactly this lawsuit about? Since this originates in the US (the most litigious country in the world) I say it's just more ambulance chasing i.e. business as usual.

    • by raehl (609729)

      PSN is free. The multi-player game that doesn't work at all if PSN is down isn't.

    • by tgd (2822)

      On top of that, there is zero liability, generally, for fraudulent credit card transactions, and they didn't have enough data for real identity theft.

      Card numbers getting stolen are a pain in the ass, but I've never seen anywhere liable for anything more than once in a while paying for a year of credit monitoring service or something.

      • by Cederic (9623)

        they didn't have enough data for real identity theft

        Well, no, they didn't have full DNA samples, photographs of all scars and tattoos and a voiceprint to enable full replication.

        I guess it's lucky that they can't do too much damage with name, address, date of birth, security question answers and credit card details.

        Care to share yours?

    • by Nemyst (1383049)

      1) PSN is free, but that doesn't mean anything. The information I've given Sony have been given in the assumption that they would be kept with a modicum of safety. This was obviously not the case. It's even worse if the credit cards have indeed been compromised, in which case monetary compensation is far from being out of the question.

      2) Reported a day after, where? I'm sorry, but saying it somewhere on the internet doesn't count. If you don't contact your customers on agreed-upon areas (email is the sole o

    • by vegiVamp (518171)

      > PSN is free
      Playstation Plus isn't.

      > NO PROOF of any CC problems that can be linked to the PSN breach
      Pretty hard to prove in the best of cases. You could just as easily go the other way and have Sony prove someone else leaked the card. You'd need to track down the source of the fraudulent charges and keep tracking right to the source in both cases.

      > no way the banks would allow [...] without being regularly audited
      Are you really suggesting that banks audit their corporate customers' software, on a

  • Sue the crap out of them and be rich, otherwise you'll just probably end up with free X days the service was down, and your lawyer will be rich instead.

    • by xs650 (741277)
      The real value of a successful class action suit is that it can get the point across to a company that it can be cheaper to behave honorably and competently than not.

      If you get some money, that's just frosting on the cake.

The tree of research must from time to time be refreshed with the blood of bean counters. -- Alan Kay

Working...