Suit Filed Over PlayStation Data Breach28 Apr, 2011 By: Chris Tribbey
A San Francisco-based law firm has filed a class action lawsuit against Sony Computer Entertainment America, after the company admitted that an attack by hackers had compromised the data of approximately 77 million PlayStation Network subscribers.
Calling it “one of the largest data breaches in the history of the Internet,” the firm that filed the suit alleges Sony was negligent in protecting and encrypting the private data — which may have included credit card numbers — of subscribers to the PlayStation 3 online network. The complaint alleges that due to the breach, some members have already begun to experience fraudulent use of their credit card information.
“We brought this lawsuit on behalf of consumers to learn the full extent of Sony PlayStation Network data security practices and the data loss and to seek a remedy for consumers,” said Ira P. Rothken, an attorney with Rothken Law Firm, which filed the suit April 27. “We are hopeful that Sony will take this opportunity to learn from the network vulnerabilities, provide a remedy to consumers who entrusted their sensitive data to Sony and lead the way in data security best practices going forward.”
The suit seeks compensation for the data loss and loss of use of the Sony PlayStation Network, credit monitoring and other relief, based on the extent of damage PlayStation Network users incur due to the data theft.
Sony took the PlayStation Network — as well as its the Qriocity music service —offline April 21, after determining that between April 17 and 19 “user account information was compromised in connection with an illegal and unauthorized intrusion into our network.” As of April 28 the services still were offline, prompting companies like Hulu to offer subscribers to its PlayStation Network services credit for the lost access.
“These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity, including online gaming and online access to music, movies, sports and TV shows,” Patrick Seybold, senior director of corporate communications and social media for Sony Network Entertainment, wrote to subscribers April 26. “We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.”
Users’ names, addresses, passwords and logins, online ID, profile data and purchase history were compromised. “While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” according to a statement from Sony.
Sony said it is taking steps to “enhance security and strengthen our network infrastructure.”
But that’s not enough, according to the suit, which was filed in U.S. District Court in Northern California, on behalf of Birmingham, Ala., resident Kristopher Johns and other subscribers. Sony acted too slowly, the suit alleges, and when it did, it didn’t do enough for its subscribers.
“[Sony] unduly delayed or failed to inform in a timely fashion the appropriate entities and consumers whose data was compromised of their vulnerabilities and exposure to credit card (or other) fraud such that consumers could make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports or take other mitigating actions,” the suit reads. “[Sony] has failed to provide regular credit reports and credit monitoring at their own expense to those whose private data was exposed and left vulnerable. This has caused, and continues to cause, millions of consumers fear, apprehension and damages.”