

The lawyers are coming for Sony, after it lost 101 million customers' information.  (Source: David Pear)

Sony has thus far refused to clarify whether users' credit cards were stolen. Its statements suggest that as many as 10 million customers MAY have had their credit cards stolen.  (Source: China Post)

Sony waited two days before informing the FBI of the breach and a full week before informing customers. Many customers are also distraught about their passwords, real names, and email addresses being stolen -- a combo which could give cybercriminals access to users' private online accounts.  (Source: Hard Forums)
After two high-profile data losses, the company has recruited the FBI and a private firm to crack down

Sony Corp. (6758) has been rocked in recent weeks by a pair of high-profile system intrusions. One intrusion caused the outage of the company's Qriocity streaming media and PlayStation Network (PSN) services, along with the loss of 77 million customer records.  A second intrusion at Sony Online Entertainment lost 24 million additional customer records.

Together the intrusions may have lost over 10 million customers' credit and debit cards, though Sony is still being unclear about whether or not this valuable information was taken.

I. Stepping up Security

In an effort to clean up its act, Sony has hired privately held security firm Data Forte to track down the cyber criminals.  Data Forte is the brainchild of a former special agent with the U.S. Naval Criminal Investigative Service.

The Japanese electronics giant has also retained cyber-security detectives from Guidance Software Inc. (GUID) and consultants from Robert Half International Inc.'s (RHI) subsidiary Protiviti to assist in the investigation and cleanup.

There is a bit of irony there, in that Robert Half was itself the victim of customer data loss just weeks ago.  Robert Half contracted email service solutions firm Epsilon to manage its client email database.  Like many Epsilon customers, it was shocked to hear that Epsilon's entire database of emails from various client companies had been stolen.

The three investigating firms are working closely with the U.S. Federal Bureau of Investigation (FBI) to examine possible identity theft or credit card fraud attempts from the individuals who stole the information.

II.  What's the Status?

One of the frustrating things about the entire incident is that Sony has been extremely unclear about whether users' credit cards were stolen.  In all of its statements it adopted ambiguous, legalistic language, which, while not saying the card numbers were stolen, also did not rule out the possibility.

Initially, Sony was also very quiet about the breach itself, waiting a full week before informing customers of its discovery and why the networks were down.  When it did finally inform them, it did offer them a great deal of information about the breach itself (though it offered precious little clarification on some of the most important points, like credit card loss).

Sony, whose Japanese executives have publicly apologized to customers, has also been silent about its ongoing investigation.  

Other security firms, though, who aren't involved firsthand, but reportedly have knowledge of the situation, are speaking out.  In an interview with Reuters, David Baker, vice president of services with electronic security firm IOActive, states, "It's a significant operation."

He said that he believes that Visa and MasterCard have hired their own investigators to probe the incident as well.  If true, this may indicate a greater likelihood that credit card information was indeed lost.

Sony is facing pressure from politicians about its failure to clarify the situation to the public.  Connecticut Senator Richard Blumenthal (D-Conn.) sent a letter to Sony on Tuesday demanding that it clarify whether or not credit cards were stolen.

In the letter he says he will call on the U.S. Attorney General, Eric Holder, to probe whether or not Sony should be held criminally or civilly liable for losing its customers' personal information, including, potentially, financial records.

He writes:

I would appreciate a direct and public answer detailing what the company will do in the future to protect its consumers against breaches of their personal and financial information.

Reportedly one thing Sen. Blumenthal and others are upset about is the report that Sony waited two days after finding out about the breach before contacting the FBI.

III. Legal Troubles Ahead for Sony?

Despite its efforts to turn the corner with its internal security and track down the perpetrators of the breach, legal troubles may be looming for Sony, as Sen. Blumenthal's comments might suggest.  

The company has retained the services of Baker & McKenzie, a law firm.  Reportedly the move was designed to retain services to help prosecute cyber-criminals involved in the break-in.

However, it may also be designed to beef up Sony's legal defense against customers.

A Toronto law firm on Tuesday announced a $1B CD ($1.05B USD) class-action suit against Sony for breach of privacy, naming a 21-year-old PlayStation user from Mississauga, Ontario, as the lead plaintiff. Lawyers for McPhadden Samac Tuovi LLP say that the suit's requested damages would allow Sony's customers to purchase fraud prevention and credit monitoring service for two years.

It is likely that similar class action lawsuits will pop up in the U.S. and the European Union. 

Many Sony customers are upset not only about the possible loss of their credit card information, but also the loss of their usernames and passwords.  While the passwords were hashed, it's possible that sophisticated hackers could reverse the hash, giving them access to potentially millions of users' Facebook, Gmail, Twitter, and other accounts, given that they also have the users' emails and real names (which were reportedly unhashed and unencrypted).



Comments

By ihateu3 on 5/5/2011 4:25:05 PM , Rating: 2
Any normal broadband connection can stream or download HD content. As for the PSP GO, I agree with you, but could it be because people did not want a rehash of the PSP? Considering Steam is dominating the PC over physical media, and most software for the PC is downloaded and not installed from disk, MP3s have replaced CDs, etc. Also there are certain services that do allow you to lend your digital copy out, in time this won't even be necessary with services like Netflix taking over the marketplace.

As for my server and network, they have never gone down in 6 years (aside from electrical outages). My server is a lowly 700 MHz headless PC which in all honesty is overkill for what it is doing, look up FreeNAS for the server OS. Also a lot of modern routers now have the ability to just plug in an external HDD and turn your router into a media server.

And my statements were not condescending, just realistic.


By Aloonatic on 5/5/2011 5:32:49 PM , Rating: 2
quote:
Any normal broadband connection can stream or download HD content
No, it can't. Sorry, but average speeds in many places are around 2 to 3 Mbps when the going's good, and that's just not good enough, even assuming that only one person wants to watch any one stream or download something at any one time.

I'm not sure about Steam dominating physical media in PC gaming, but I feel that you might be exaggerating somewhat, not to mention that the PC game market is somewhat smaller than the home movie market in terms of units sold.

Your point about MP3s is a good one though. Back in the early days of Napster (late '90s) people were using dial-up, and some might have been making similar comments as you just have, only referring to downloading music and that only those who use CDs are the technologically impaired. However, it took a long time until broadband connections came along to make it realistic for music downloads to replace the CD, and many people still prefer to have their physical disk for other reasons, such as those that I pointed out. Current ADSL broadband connections (which is what most people have, although things are slowly changing) are just not good enough for all your HD video needs I'm afraid, just as dial-up wasn't good enough for all music downloads. On the odd occasion, perhaps, but not all the time as a matter of course. When speeds improve and become more stable, then I totally agree with you (and have never said that it won't be a distinct possibility that downloads will replace physical disks for many), but that's going to be a while I'm afraid.

To be clear, I'm not saying that what you have said will not be true sooner or later, just that at the moment, your claims are just plain wrong. If you live alone in a flat with a cable/fibre connection, then you can do what you say. If you live in the average household however, with an average ADSL line with many people using it at the same time, along with everyone else attached to our exchange downloading HD videos too (as everyone would be in the technologically literate utopia, that does not have Blu-ray disks), then streaming or downloading HD video files and watching them is not going to be quite as feasible as you seem to think.

It has little or nothing to do with how technologically savvy someone is.

As for you claiming not to have been condescending. When you make comments like "Only the technologically impaired care about blueray", then I'm sorry to be the one to break it to you, but you are being condescending. Maybe you talk to people like this all the time and someone should have pointed this out to you in the past? I honestly can't say.

Copyright 2014 DailyTech LLC.