Sony is trying to weather the storm of controversy over the breach of the PlayStation Network. While Sony has confirmed that the network attack did result in the compromise of personally identifiable information, they have released a statement stating that the credit card information that was stored on their servers was, in fact, encrypted. Likewise, Sony's statement defends the security of their PSN network (which has been offline due to a security breach for a week), saying that they had several layers of security in place before the incident occured.
This, however, has not stopped a group of customers from suing the entertainment giant. Attorney Caleb Marker has filed suit in Los Angeles, California, and is seeking class action status for his lawsuit, stating "Sony broke its contract and violated its customers' trust." Likewise, Kristopher Johns from California has sued Sony in District Court, saying that Sony's security was poor, and citing their failure to encrypt personal information. This lawsuit also seeks class action status.
In both instances, it's been stated that Sony waited too long to notify customers of the massive data breach, and the lawsuits go as far as to cite consumer fear (as well as real and percieved damages) as a direct result of the data theft. More pressing in several customers' minds is who is going to pay for monitoring the credit of consumers affected by the data breach. Government officials here in the States have stated that Sony should offer to pay for up to two years of credit monitoring and repair for affected customers.
What is the potential financial impact of this data breach? Some in the press (GameSpot) cite sources that since each incident of identity theft typically costs society about $315, the societal cost of this data breach could be as high as $24 billion. While this is obviously a wildly inaccurate figure, what is clear is that no one really has a clear picture of what the cost will be to Sony and to their customers as a long term result of this data breach. One angle that is yet to be explored either in court or directly addressed by Sony is how many other data breaches this PSN hack will cause. The data theft includes information about "password reset questions." Password reset "security questions" are fairly common and repeated on the Web. A common question may be "What city were you born in?" Given that the hackers already have other biographical information about the customers, this data breach could lead to hackers making guesses about the answers to these questions that would in turn compromise bank accounts, online shopping sites, and this activity could continue nearly undetected for years.
Below is our earlier coverage of the Sony PlayStation Network hack attack / breach:
Sony has finally begun to acknowledge the true reason behind their week long outage of the PlayStation Network. The intrusion detailed today by Sony affects over 70 million customers, who have suffered the loss of personal information. The frightening details of the extensive and complete compromise of PSN have finally come to light in a statement released this afternoon.
The upshot is that 75 million accounts have been compromised in what must be the most complete and utterly destructive information theft yet on record. Disclosed in today's statement is the fact that your PSN account ID, password, password reset question (and answer), full name, address, what you've purchased, birthdate, and more have all been stolen from Sony due to a weakness in their network security. Likewise, if you own a Web-connected Bravia TV or Sony Blu Ray player, your information has been compromised as well, because Sony combined PlayStation Network with Qriocity. Customers in at least 11 countries are affected by this network break-in / hack.
It's been nearly a week since the Sony PlayStation Network has been shut down, and longer since Sony was made aware of the compromise to their network. One has to wonder why it took so long to disclose the information breech.
Sony has also acknowledged that it may be another full week before service is finally restored to their network.
Continued on Next Page