
The lawyers are coming for Sony, after it lost 101 million customers' information.  (Source: David Pear)

Sony has thus far refused to clarify whether users' credit cards were stolen. Its statements suggest that as many as 10 million customers MAY have had their credit cards stolen.  (Source: China Post)

Sony waited two days before informing the FBI of the breach and a full week before informing customers. Many customers are also distraught about their passwords, real names, and email addresses being stolen -- a combo which could give cybercriminals access to users' private online accounts.  (Source: Hard Forums)
After two high profile data losses, company has recruited the FBI and a private firm to crack down

Sony Corp. (6758) has been rocked in recent weeks by a pair of high profile system intrusions. One intrusion caused the outage of the company's Qriocity streaming media and PlayStation Network (PSN) services, along with the loss of 77 million customer records.  A second intrusion at Sony Online Entertainment lost 24 million additional customer records.

Together the intrusions may have lost over 10 million customers' credit and debit cards, though Sony is still being unclear about whether or not this valuable information was taken.

I. Stepping up Security

In an effort to clean up its act, Sony has hired privately held security firm Data Forte to track down the cyber criminals.  Data Forte is the brainchild of a former special agent with the U.S. Naval Criminal Investigative Service.

The Japanese electronics giant has also retained cyber-security detectives from Guidance Software Inc. (GUID) and consultants from Robert Half International Inc.'s (RHI) subsidiary Protiviti to assist in the investigation and cleanup.

There is a bit of irony there, in that Robert Half was itself the victim of customer data loss just weeks ago.  Robert Half contracted email service solutions firm Epsilon to manage its client email database.  Like many Epsilon customers, it was shocked to hear that Epsilon's entire database of emails from various client companies had been stolen.

The three investigating firms are working closely with the U.S. Federal Bureau of Investigation (FBI) to examine possible identity theft or credit card fraud attempts from the individuals who stole the information.

II.  What's the Status?

One of the frustrating things about the entire incident is that Sony has been extremely unclear about whether users' credit cards were stolen.  In all of its statements it adopted ambiguous, legalistic language which, while not saying the card numbers were stolen, also did not rule out the possibility.

Initially, Sony was also very quiet about the breach itself, waiting a full week before informing customers of its discovery and why the networks were down.  When it did finally inform them, it did offer them a great deal of information about the breach itself (though it offered precious little clarification on some of the most important points, like credit card loss).

Sony, whose Japanese executives have publicly apologized to customers, has also been silent about its ongoing investigation.  

Other security firms, though, who aren't involved firsthand, but reportedly have knowledge of the situation, are speaking out.  In an interview with Reuters, David Baker, vice president of services with electronic security firm IOActive, states, "It's a significant operation."

He said that he believes that Visa and MasterCard have hired their own investigators to probe the incident as well.  If true, this may indicate a greater likelihood that credit card information was indeed lost.

Sony is facing pressure from politicians about its failure to clarify the situation to the public.  Connecticut Senator Richard Blumenthal (D-Conn.) sent a letter to Sony on Tuesday demanding that it clarify whether or not credit cards were stolen.

In the letter he says he will call on the U.S. Attorney General, Eric Holder, to probe whether or not Sony should be held criminally or civilly liable for losing its customers' personal information, including, potentially, financial records.

He writes:

I would appreciate a direct and public answer detailing what the company will do in the future to protect its consumers against breaches of their personal and financial information.

Reportedly one thing Sen. Blumenthal and others are upset about is the report that Sony waited two days after finding out about the breach before contacting the FBI.

III. Legal Troubles Ahead for Sony?

Despite its efforts to turn the corner with its internal security and track down the perpetrators of the breach, legal troubles may be looming for Sony, as Sen. Blumenthal's comments might suggest.  

The company has retained the services of Baker & McKenzie, a law firm.  Reportedly the move was designed to retain services to help prosecute cyber-criminals involved in the break-in.

However, it may also be designed to beef up Sony's legal defense against customers.

A Toronto law firm on Tuesday announced a $1B CAD ($1.05B USD) class-action suit against Sony for breach of privacy, naming a 21-year-old PlayStation user from Mississauga, Ontario, as the lead plaintiff. Lawyers for McPhadden Samac Tuovi LLP say that the suit's requested damages would allow Sony's customers to purchase fraud prevention and credit monitoring service for two years.

It is likely that similar class action lawsuits will pop up in the U.S. and the European Union. 

Many Sony customers are upset not only about the possible loss of their credit card information, but also the loss of their usernames and passwords.  While the passwords were hashed, it's possible that sophisticated hackers could reverse the hashes, giving them access to potentially millions of users' Facebook, Gmail, Twitter, and other accounts, given that they also have the users' emails and real names (which were reportedly unhashed and unencrypted).
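
The point about hashed passwords, as an added illustration that is not part of the original article: the article does not say how Sony hashed passwords, so this assumes an unsalted fast hash (SHA-256 as a stand-in) and contrasts it with per-account salts and PBKDF2. The sample accounts, function names and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data): e-mail -> password.
SAMPLE_ACCOUNTS = {
    "alice@example.com": "hunter2",
    "bob@example.com": "hunter2",
    "carol@example.com": "correct horse battery staple",
    "dave@example.com": "hunter2",
}

# Assumed work factor for the hardened scheme; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000


def unsalted_record(password: str) -> str:
    """Weak scheme: one fast hash, no salt (SHA-256 is an assumed stand-in)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_record(password: str) -> dict:
    """Hardened scheme: random per-account salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def verify_salted(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def shared_hash_groups(table: dict) -> list:
    """Audit a credential table for accounts whose stored hash is identical.

    A non-empty result means the table itself shows which users chose the
    same password, so recovering one of them recovers the whole group.
    """
    groups = defaultdict(list)
    for account, record in table.items():
        stored = record if isinstance(record, str) else record["hash"]
        groups[stored].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_table(accounts: dict, make_record) -> dict:
    """Store every account's password with the given scheme."""
    return {account: make_record(pw) for account, pw in accounts.items()}


if __name__ == "__main__":
    weak = build_table(SAMPLE_ACCOUNTS, unsalted_record)
    strong = build_table(SAMPLE_ACCOUNTS, salted_record)
    print("unsalted, shared hashes:", shared_hash_groups(weak))
    print("salted, shared hashes:  ", shared_hash_groups(strong))
    print("login still works:", verify_salted("hunter2", strong["bob@example.com"]))
```

With the unsalted scheme the three accounts that reuse one password collapse into a single stored value; with per-account salts nothing in the table links them, and each record has to be worked on separately at the cost of the slow KDF.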

Comments

The impacted users should all receive free Xbox's
By Lord 666 on 5/4/2011 1:07:07 PM , Rating: 2
MS would really make a statement if it offered a free Xbox for all impacted PS3 users. Terms would include sending in the PS3 to be crushed.

By callmeroy on 5/4/2011 1:21:57 PM , Rating: 2
lol...that would be awesome..

If only there was definitive proof that you were the rightful owner of a PS3 and your account got hacked....since it's the account at jeopardy and not the PS3 hardware. Otherwise everyone, hacking victim or not, would turn in a PS3 for a shiny new 360 (under the assumption they are just upset at Sony and that's how they get back at them).

By Wererat on 5/4/2011 1:27:29 PM , Rating: 2
Great, what about affected SOE PC customers? Even if it's true that SOE CC#s were stored separately, address and other personal info has been compromised.

By Aloonatic on 5/4/2011 4:28:07 PM , Rating: 2
If I have to send my PS3 in to be crushed, are MS going to provide me with a BluRay player too? :o)

I have a feeling that this is the last straw for many of the PS faithful, and they will be paying MS for an xBox next time around. Sony are probably quite lucky that the next generation of consoles aren't just about to be launched.

I stuck with SONY and the PS this time around, after having bought PlayStations since the PS one, and an original xBox too. I had an xBox 360 but sold it, with the RRoD issue being a factor, as well as cost of owning 2 consoles when I don't really get the time to play one.

Reasons to stick with Sony are dwindling. They have lost exclusives like Metal Gear Solid, while MS have some good games on their exclusive list that I've played on friends' 360s. Gran Turismo was the other PS game that was in my thoughts at launch, so was one of the reasons why I went the PS route again this time, and the delays there have been very disappointing too. Then there's the otherOS issue and that Move seems pretty pointless to anyone who's played on or owned a Wii, Kinect seems to offer a whole lot more potential. So finally, there's the PSN, which isn't all that great and has been shown to be pretty poorly secured and some of my personal information is now in the hands of god knows who, and Sony don't really seem to know what's going on.

Next time around, my initial bias is going to be pro xBox, rather than pro PS. I think a lot of PlayStation owners are going to feel the same way too, and MS won't have to do a single thing to win over console customers, Sony have done all the work for them, and crushed a free PS4 sales already.

By Aloonatic on 5/5/2011 5:36:10 AM , Rating: 2
"Virtual media has been the future for a long time now. You can easily download any 1080P film from the net (even without piracy), or you can download blueray rips."
Erm, no you can't, at least, not for a lot of people, including me. Not unless I could get everyone in my home (and probably neighbourhood) to stop using their connection, and wait for a pretty long time. If everywhere had a good cable/fibre connection then I might agree with your condescending comment.

Also, in defence of the technologically impaired, who like to have a physical copy of their media... Who is getting the best use out of their PSP at the moment? The technologically impaired people who have an old fangled version that uses physical media, or the bright new clever people who have a PSP GO who just want to download their games from the PSN? Erm...

In 5 or 10 years time, your conceited comment might have some weight. However, at the moment, neither the physical high-speed broadband infrastructure exists in enough places to make streaming/downloading remotely feasible for enough people, and as this attack on (the media giant) Sony demonstrates, the commercial, server side ability for even large global corporations that provides a consistent, reliable and secure service to customers (that they can trust) does not exist either.

Also, can I legally borrow your copy of a film that you've downloaded? It's easy enough to give and sell on my BD disk, how about your fancy download? I can easily and cheaply store my BD film in a cupboard or shelf, how about you? Need a little server setup do you? Have to keep that up and running and if it goes wrong? Fine for you maybe, but not for everyone who probably could set-up a media server, but don't have the inclination to do it.

BD might be the last great hurrah for physical media, but there are advantages to physical media, so it's definitely got a place now and is by no means too late to the party for the many many people, even those who are not technologically impaired.

Kudos to you though, we're all very proud of you for downloading and streaming your media. Fingers crossed that you don't have any problems like those that Sony users are having, or problems with your network, both internally or externally when you fancy watching a film.

By Onimuto on 5/5/2011 11:09:15 AM , Rating: 2
No you can't? Why and how you can't? Need your whole neighborhood to stop using internet to be able to download? Get higher bandwidth internet then. Many sites stream HD content. Of course with Sony fans HD can only exist on Blu-ray. I remember when I bought my 60 gig PS3 and all the fanboys were going off about HD can only exist on Blu-ray.... So I proved this wrong by simply downloading a 1080p Heavenly Sword video off PSN, storing it on my SD and USB flash drive and played them off both storage mediums.
I for one know the well over 20 households down my street stream HD content. What, you think the data your TV receives and data internet is so much different? HD HBO, Showtime, Discovery Channel?
Get real. And if you go on about uncompressed, seriously any $399 laptop can play the highest compressed HD content perfectly fine. I have a Sandy Bridge 2360 paired with an ATI 6700 series and it sure can uncompress and play content from HDD, e-SATA, USB on three different media players (VLC, DivX, QuickTime) flawlessly.
Legally borrow not sure but you can stream it from number of sites. YouTube, Hulu, Netflix, Sony, Discovery Network, and on and on. And as far as your long time to download I rip Blu-ray movies all the time with TrueHD audio, English subs and file sizes are only 2.5-6.8 gigs at 1080p, and 800-1.9 720p. 2 terabyte HDDs are cheap as hell 65$ sales and reg prices of 70-99$.
And Blu-ray is the what you say?
"BD might be the last great hurrah for physical media, but their are advantages to physical media, so it's definitely got a place now and is by no means too late to the party for the many many people, even those who are not technologically impaired.".
Industry uses holographic versatile disc 3.9 terabytes per disk same form factor as your CD, DVD, Blu-ray.
Most people only can truly use 720p quality regardless of their display being capable of higher resolutions due to fact of lost quality from physical screen size. Unless you are projecting a 10 foot by 6 foot projection the differences of 720-1080 is barely noticeable. Computers can go 5 megapixel now. Move on with the times...

By Aloonatic on 5/5/2011 5:07:22 PM , Rating: 2
Get higher bandwidth internet? Brilliant, why didn't I think of that?!?

Quick, get to the UN and solve world peace with that amazing intellect of yours that can cut through problems so easily.


I'm not sure if you are being facetious, or intentionally obtuse, but the very very very simple point is that not everywhere has the sort of infrastructure that you are talking about.

Really, I don't know how to make it any simpler for you to understand.

I get that HD content can be streamed or stored on a flash drive or hard disk, and I have never said that it is impossible, but the places the capability and broad band infrastructure exists where people can throw out their BluRay disks and download HD content (not even at the same quality), 24/7, without impairing what the rest of the household are doing, even assuming that only 1 person in the home wants to watch a HD movie at any one time, is very patchy and has nothing to do with how technologically impaired someone is.

Like the person I replied to, I am so very happy that you live in a place where people can down load and stream HD content, BUT A LARGE NUMBER OF PEOPLE IN THE MOST WESTERN COUNTRIES CAN'T, EVEN IF THEY KNOW HOW TO AND WANT TO.

Honestly, I don't know what some of you guys are on at times.

And then why you have to go on about industry using some sort of holographic disk when we are clearly talking about home consumers just boggles my mind, but doesn't surprise me.

By DarthKaos on 5/6/2011 10:46:05 AM , Rating: 2
To watch a movie on Blu-Ray.

I buy a TV. I buy a Blu-Ray Player. I rent or buy Blu-Rays. I watch Movies and TV shows on Blu-Ray. Any time I want to watch something, I just put it in and hit play.

To watch media that is streamed or on a server.

I need a device that can stream media. Cable and Satellite charge too much for movies. I want to stream Netflix so my TV has to be compatible or I need a PC. I need to have a PC in my living room or long cables or I use a laptop with long cables or hook it up when I use it. If I use a server I have to set that up. I have to keep up on updates. If I want to watch my movie someplace else I need to be sure I can stream or download there or I have to transfer my media to a portable storage device to take where I am going. I need to know what format it can play in where I am going or I may need to be able to play it on a screen everyone can see. So I have to verify that where I am going has a TV hooked up to or can be hooked up to a laptop or computer. Any time I want to watch I need an internet connection.

The list is long of things that are more difficult. Don't get me wrong though. I am a Netflix customer and I love to stream but I also get my favorite action flicks on Blu-Ray. Something tech people lose sight of is how our "easy" and "normal" is not everyone's "easy" and "normal". Logging in, setting up, streaming, searching, etc... is not easy for everyone. Plus some people just don't like to take the time. My wife is a Network Engineer and very smart but she prefers throwing a disc in, sitting down, and enjoying a movie. She does not want to mess with anything else. The kids will have it all figured out though and be used to it. Digital media will not be the norm for 10 years. Having Blu-Ray discs at that point will be like having records now. You don't listen to them all the time but it is really cool when you do.

On a side note: I have watched the same movie back to back on Blu-Ray then streamed and blu-Ray is better (sound and picture). Sure the difference is small if you don't do side by side but it is there. So if you really love movies and have a decent setup, streaming just does not quite satisfy.

By ihateu3 on 5/5/2011 4:25:05 PM , Rating: 2
Any normal broadband connection can stream or download HD content. As for the PSP GO, I agree with you, but could it be because people did not want a rehash of the PSP? Considering Steam is dominating the PC over physical media, and most software for the PC is downloaded and not installed from disk, MP3s have replaced CDs, etc. Also there are certain services that do allow you to lend your digital copy out, in time this won't even be necessary with services like Netflix taking over the marketplace.

As for my server and network, they have never gone down in 6 years (aside from electrical outages). My server is a lowly 700MHz headless PC which in all honesty is overkill for what it is doing, look up FreeNAS for the server OS. Also a lot of modern routers now have the ability to just plug in an external HDD and turn your router into a media server.

And my statements were not condescending, just realistic.

By Aloonatic on 5/5/2011 5:32:49 PM , Rating: 2
"Any normal broadband connection can stream or download HD content"
No, it can't. Sorry, but average speeds in many places are around 2 to 3 mbps when the going's good, and that's just not good enough, even assuming that only one person wants to watch any one stream or download something at any one time.

I'm not sure about Steam dominating physical media in PC gaming, but I feel that you might be exaggerating somewhat, not to mention that the PC game market is somewhat smaller than the home movie market in terms of units sold.

Your point about MP3s is a good one though. Back in the early days of Napster (late '90s) people were using dial up, and some might have been making similar comments as you just have only referring to downloading music and that only those who use CDs are the technologically impaired. However, it took a long time until broadband connections came along to make it realistic for music downloads to replace the CD, and many people still prefer to have their physical disk for other reasons, such as those that I pointed out. Current ADSL broadband connections (which is what most people have, although things are slowly changing) are just not good enough for all your HD video needs I'm afraid, just as dial up wasn't good enough for all music downloads. On the odd occasion, perhaps, but not all the time as a matter of course. When speeds improve and become more stable, then I totally agree with you (and have never said that it won't be a distinct possibility that downloads will replace physical disks for many), but that's going to be a while I'm afraid.

To be clear, I'm not saying that what you have said will not be true sooner or later, just that at the moment, your claims are just plain wrong. If you live alone in a flat with a cable/fibre connection, then you can do what you say. If you live in the average household however, with an average ADSL line with many people using it at the same time, along with everyone else attached to our exchange downloading HD videos too (as everyone would be the technologically literate utopia, that does not have BluRay disks), then streaming or downloading HD video files and watching them is not going to be quite as feasible as you seem to think.

It has little or nothing to do with how technologically savvy someone is.

As for you claiming not to have been condescending. When you make comments like "Only the technologically impaired care about blueray", then I'm sorry to be the one to break it to you, but you are being condescending. Maybe you talk to people like this all the time and someone should have pointed this out to you in the past? I honestly can't say.

By Smilin on 5/4/2011 1:14:46 PM , Rating: 1
So how do you guys think Sony is handling this in comparison to the RROD fiasco?

Seems MS took longer to confirm the problem (apples vs oranges?) but then acted more decisively.

When it's all done this is going to be a lot more costly to Sony. MS wrote off what about a billion? 100m customers only need to sue for $10/ea to make that happen.

By Aloonatic on 5/4/2011 4:02:35 PM , Rating: 2
I think it is apples/oranges, mostly as MS had control over what was happening all the way through, while Sony don't, really.

MS had control in the sense that they could issue a recall and fix a physical fault that they knew about. That was the up-side of their problem. The down side being that it was a problem that affected x% of machines (my friend's original xBox is still going, and he plays it a lot) so there was a time when they behaved as most large corporations do to a problem like that. Anyone who's watched Fight Club knows the basics. Chance of the fault occurring * cost fixing it compared to financial loss due to bad publicity or law suits. Once it was clear that things were going wrong on a large enough scale to make a recall the clearly best option, they went for it. At first they denied it, but eventually started to sort it out, and offered free fixes and a free month of xbox live gold.

Sony on the other hand know that this is a problem that affects lots of people, right from the get-go, so can get started on trying to sort it out knowing that they have a big problem on their hands right away, unlike MS who looked like they sat on their hands for a bit trying to fob their customers off. The flip side is that Sony don't really have control over fixing this problem once they recognise that something has gone wrong and that they need to do something.

Sony are pretty powerless in this now that the cat is out of the bag, which is why I don't think comparing it to the RRoD issue is all that useful on many levels.

Both companies seem to be offering a similar pay off tho, one month's free top level subscription. To be fair, many xBox owners seemed happy with this, in payment however long it took MS to fix their machine, no matter how many times the fault appeared. To fix the problem that you have as a Sony customer, you're pretty much covered to a large extent by your Credit Card company anyway, and you can change your user names and passwords yourself, so how bad is it really? Hard to say at the moment I suppose, and I'm sure that there are plenty of people who will milk this too, somehow.

By someguy123 on 5/4/2011 5:17:41 PM , Rating: 2
I'd say this problem is worse than the RROD problem all because of credit information being leaked. Now, there are obviously very good anti-fraud programs, but credit rating programs are just atrocious. It takes a near act of god sometimes to get fraudulent charges off of your record, even if your credit/bank has already returned your funds and issued a new card.

RROD was a problem with an entertainment device, which isn't that big of a deal to lose (though it may be a few mindnumbingly boring weeks for repair). Credit history is a big issue, though, and if people really do have their hands on credit information it can cause tons of headaches and wasted time for those affected. There is also the issue of having your private information spread and receiving piles of spam, digital and physical.

The worst thing this does for Sony is absolutely destroy their credibility as well. I'm sure most people who read about sony losing private information will steer clear from getting anything digitally from sony (like purchasing from the sony store) for a good while.

By Aloonatic on 5/4/2011 5:35:56 PM , Rating: 3
Just so you know, I wasn't trying to say which problem is/was worse, just that they are different in their nature and what each company is actually able to do to affect what is happening, so comparing how the 2 companies handle(d) them is not that useful.

For what it's worth, I think you're being a little melodramatic. I doubt if there are many people who are going to be refused loans, credit cards or mortgages because of this. The credit information is probably going to turn out to be little more than an inconvenience for most people, and potentially very annoying for some credit card companies.

It's more the other information that might be useful to fraudsters, wanting to use it to compromise other sites/services or Sony users' other accounts using the information that they have gained.

I'd guess that number of people who will actually be directly affected by the Sony problem will be far far fewer than those who were by the RRoD issue, but those that are, might well be affected much more, of course. Both sets of users both live(d) in fear of being affected though.

At the end of the day, both Sony and MS messed up royally, so neither can crow too loud, and nor can their fanboys. It's just another area, as well as trifling issue of consoles sold, where Nintendo won this round I suppose :o)

By Smilin on 5/6/2011 4:02:35 PM , Rating: 2
Good points.

The responses from the two weren't the same though. MS seemed to take a sledge hammer to the PR problems once they finally acknowledged. They extended the warranty to 3 years retroactively to catch people who had the problem but were out of warranty. This is what really cost them the $1billion.

As I write this though sony seems to be trying the same sledge hammer: they are buying a pretty comprehensive ID theft package for users.

I don't think MS sat on their hands so much as the problem was harder to pin down. Not all RRODs were from the same cause, plus mixed in with the normal ~5% failure rate of consumer electronics.

In Sony's case they knew basically by day 2 or 3 that they had a "100% failure rate". The discovery unfolded immediately instead of over months.

The story isn't over yet though. We'll have to see how Sony handles it. MS clearly learned their lesson: The Kinect has a fan built in when testing shows it's not needed. Rumors are that Sony is going to get hit again this weekend.

PSN users: I'm an XBL user. We both love to sling insults at each other but really we're all gaming brothers. *I* like picking on you but I really don't like anyone else doing so (that's the way siblings work). I hope you're back online soon and I hope they find the culprits.

By FITCamaro on 5/4/2011 6:27:23 PM , Rating: 2
Microsoft's problem didn't potentially negatively impact every aspect of their customers' lives. So taking longer didn't matter.

What I want is to be able to log in and know whether or not I had a credit card on file. But I haven't been able to.

By Beenthere on 5/4/2011 12:53:47 PM , Rating: 2
I hope the security firms track down the hackers and the judicial system prosecutes them. Make them pay all damages and do 10 years in prison.

By phantom505 on 5/4/2011 12:59:28 PM , Rating: 2
And get all $2,000 they are worth, mostly in the desktop they used to steal the information.

any precedents?
By Paj on 5/4/2011 1:05:57 PM , Rating: 2
Sounds like the plotline of a Peter F Hamilton novel.

Bit of a legal minefield I imagine, it seems like there wouldn't be many precedents for this sort of thing. Saying that Sony is responsible for the loss is really a question of how good the hackers were. No system is 100% impenetrable.

RE: any precedents?
By HrilL on 5/4/2011 5:45:19 PM , Rating: 2
The simple fact is that all of this data should have been stored encrypted. At least then if it was breached a lot more work would have to be used to decrypt it all.

Spam forever...
By greylica on 5/4/2011 1:13:02 PM , Rating: 2
If we count them all and think that 1 at every 5 e-mails that was stolen has been using the same password as the user real e-mail account for login into sony, we will have another great round in spam battle...

By Marlin1975 on 5/4/2011 1:41:59 PM , Rating: 2
We need some penalty standards here
By mcnabney on 5/4/11, Rating: -1
RE: We need some penalty standards here
By LRonaldHubbs on 5/4/2011 1:25:18 PM , Rating: 2
While I understand the sentiment of wanting to punish companies that mismanage user info, your proposal erroneously assumes that it is possible to build an impenetrable system. Why should we penalize a company that puts real effort into security but ends up getting hacked in spite of their efforts? You could bankrupt a company that genuinely did nothing wrong by forcing them to pay for the crimes of others. Keep things how they are, prosecute the hackers, and prosecute the company if there is evidence of negligence.

RE: We need some penalty standards here
By MrBlastman on 5/4/2011 1:44:27 PM , Rating: 1
Exactly. Even the greatest of security systems will only deter people for a given length of time. Defenses can _always_ be overcome. There is always a way. Humans didn't become the top of the food chain for no reason. We are decades, if not a century away from creating technology as powerful as the human brain as far as AI is concerned. How can we even begin to think we can create a machine now if this is the case that can outsmart all of us, forever?

I'm completely against putting in to law a set of penalties. I argue that we should let the free markets decide the fate of any company that makes as large a blunder as Sony has.

By nolisi on 5/4/2011 2:27:05 PM , Rating: 1
"I argue that we should let the free markets decide the fate of any company that makes a large a blunder as Sony has."

The free market won't provide reparations for individuals affected by the breach who put their trust in Sony. Sony took the risk of taking consumer data, and it has a responsibility to safeguard it.

But let's play out the free market scenario and pretend 101 million people are outraged and the world's individuals stop using Sony products for fear of data breaches. What will happen to Sony? The free market principles dictate that Sony will go out of business, right?

Wrong. Sony not only does business with individuals, but other corporations, licensing out technology, selling components, etc with all the IP it has created and purchased. It will survive because of the cooperation of other businesses and its sheer market power.

Will Sony suffer financially as a result of this? A bit. Will it matter/make a difference? Probably not. Shareholder prices might go down and they may suffer a decline in product shipments, but the people who will truly feel the impact the most are going to be the employees whose jobs are cut as a result of the declining sales that resulted from this massive mismanagement; and given the precedents set in the last several years of failing companies, they will still find a way to reward the decision makers who are ultimately responsible with bonuses.

The free market almost never issues responsibility to those who made the actual decisions; worst case scenario for Sony is that instead of shareholder prices and executive pay/bonuses getting reduced, they'll just cut jobs to make up the difference.

RE: We need some penalty standards here
By mcnabney on 5/4/2011 1:46:01 PM , Rating: 2
And what are the costs for the 101 MILLION people that now have to change everything in their online life? Just because there is a large scale doesn't mean that every one of those people is not damaged in some way. These troves of personal data NEED better protection, and if a few companies that can't seem to protect it go bankrupt, so be it. (all data except passwords were not encrypted and not hashed, the password had a salt-free hash, so they can be reverse engineered since the hackers are going to know a lot of real passwords to match up with the hashed ones they stole) This almost falls on the line of a restaurant giving customers food poisoning. An obvious negative consumer impact that WAS preventable. Sony's problem is the scale. This isn't some little break-in with 20-30k email addresses stolen. This is their entire customer file for a hundred million clients.

By LRonaldHubbs on 5/4/2011 3:19:11 PM , Rating: 2
Your argument here is inconsistent. What I disagreed with was your statement that there need to be set rules for damages when user info is compromised. Now you are talking about Sony specifically, which is not the same argument. As I said above, if a company is shown to have been negligent, then they deserve to pay. However, your proposal was to ALWAYS make the company pay out, and that is ridiculous. THAT is what I took argument with. Put the straw man away and defend your original position.

By callmeroy on 5/4/2011 1:28:39 PM , Rating: 2
No way Jose!

$170 is all your ID is worth to you?

Screw that add some zeros my friend then get back to me...

If your info is stolen and someone is literally using your ID that is a nightmare to straighten out -- it can honestly take you years to correct your credit alone and rebuild your reputation in some cases...if that's even possible.

It may sound simple or silly to just talk about it but victims of ID theft go through a fair degree of mental anguish over this stuff....with good reason -- it can drastically affect your credit history which then impacts what you pay for new loans or even your chance for getting the loan in the first place, plus just the uneasy feeling knowing some jack hole knows all your info -- your address your SSN your DOB...your CC numbers...what bank you go to...

They can go nuts and YOU pay for it..not them.

So yeah tens of thousands of dollars is much more fair...

RE: We need some penalty standards here
By invidious on 5/4/2011 4:11:19 PM , Rating: 1
Everyone on PSN signed a contract acknowledging and accepting what Sony was doing with their personal data. As long as Sony holds up their end of the contract and provides a reasonable level of security they are most likely not liable for any damages. This lawsuit needs to prove that Sony was negligent, not just that the plaintiffs were damaged.

By bodar on 5/4/2011 7:36:02 PM , Rating: 2
Sony is supposed to be PCI DSS compliant. So why don't they KNOW whether CC data was compromised? Isn't that why we set standards for consumer data security? I don't know.

Technical Guidelines for Protecting Stored Payment Card Data

At a minimum, PCI DSS requires PAN [primary account number] to be rendered unreadable anywhere it is stored – including portable digital media, backup media, and in logs. Software solutions for this requirement may include one of the following:
• One-way hash functions based on strong cryptography – also called hashed index, which displays only index data that point to records in the database where sensitive data actually reside.
• Truncation – removing a data segment, such as showing only the last four digits.
• Index tokens and securely stored pads – encryption algorithm that combines sensitive plain text data with a random key or “pad” that works only once.
• Strong cryptography – with associated key management processes and procedures. Refer to the PCI DSS and PA-DSS Glossary of Terms, Abbreviations and Acronyms for the definition of “strong cryptography.”

Maybe Sony did things by the book and still got hacked anyway, but if you ask Anton Chuvakin, Sony crapped the bed... big time.

It could be that they got tunnel-vision, did only what was necessary to be compliant and said, "hey, screw everything else". If that's the case, then they should be liable for damages, IMO.
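Added example, not part of the comment above or of the PCI DSS text it quotes: a Python sketch of two of the listed options (truncation and a one-way hashed index) applied to the "in logs" case, using a Luhn check to separate card numbers from look-alike digit runs. The key, function names and log lines are constructed for illustration; the hash is keyed with HMAC as a design choice here, because an unkeyed hash of a 16-digit number can be enumerated.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption); a real system loads it from a KMS/HSM.
INDEX_KEY = b"constructed-demo-key-not-for-production"
# Candidate PANs: 13-19 digits, optionally separated by single spaces/dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def truncate_pan(pan: str) -> str:
    """Truncation: keep only the last four digits."""
    return "*" * (len(pan) - 4) + pan[-4:]

def hashed_index(pan: str) -> str:
    """Keyed one-way hash that can serve as a lookup index instead of the PAN."""
    return hmac.new(INDEX_KEY, pan.encode(), hashlib.sha256).hexdigest()

def scrub_line(line: str) -> tuple[str, int]:
    """Mask every Luhn-valid PAN in a log line; return (clean line, hit count)."""
    hits = 0
    def repl(m: re.Match) -> str:
        nonlocal hits
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # digit run that only looks like a PAN
        hits += 1
        return truncate_pan(digits)
    clean = PAN_RE.sub(repl, line)
    return clean, hits

# Constructed log lines; 4111111111111111 is a widely used test card number.
SAMPLE_LOG = [
    "2011-04-19 12:01:07 charge ok pan=4111111111111111 amt=59.99",
    "2011-04-19 12:01:09 charge ok pan=4111-1111-1111-1111 amt=9.99",
    "2011-04-19 12:01:11 order=1234567890123456 shipped",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scrub_line(entry))
```

A non-zero hit count from `scrub_line` on existing logs is itself the finding: it means card numbers were being written in the clear somewhere upstream.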

"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings

Copyright 2016 DailyTech LLC.