Sony PlayStation Data Breach Spawns Lawsuit, FBI Now InvolvedApr 29, 2011 | Parker Waichman LLP
The uproar over the Sony PlayStation network data breach continues, with the first of what is expected to be many class action lawsuits filed because of the hack, likely one of the largest in the history of the Internet. Meanwhile, the FBI is now investigating the breach, and Sony is said to be considering some type of compensation for the more than 70,000 people who use its PSN and Qriocity services worldwide.
The data breach occurred between April 17 and April 19, with Sony reportedly learning of the hack on the 19th. Users of the network weren't informed until this past Tuesday, however, with Sony claiming it wasn't aware of its severity until Monday.
It's not yet known what information the hacker was able to access, but it could include customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and user names, as well as online user handles, and possibly credit card related data.
Sony claims that customer information was encrypted. However, the New York Times reported today that security specialist say they are seeing discussions on underground Internet forums indicating that the hackers had accessed personal information, including credit card information, for more than 2 million users. Kevin Stevens, senior threat researcher at the security firm Trend Micro, told the Times that the Sony hackers were hoping to sell the credit card list for upwards of $100,000.
Sony has recommended that users change the passwords on other services and accounts that might use the same user name or password as their PSN account. Users have also been warned to review all account statements, and keep an eye on their credit reports in order to spot any unauthorized activity.
The first class action lawsuit over the data breach has been filed in Federal Court in the Northern District of California. It claims Sony failed to take reasonable care to protect, encrypt, and secure the private and sensitive data of its users. The lawsuit seeks, among other things, monetary compensation for the data loss and loss of use of the Sony PlayStation Network and credit monitoring.
The two networks have been down for eight days now, and PCWorld is reporting that Sony is considering compensation for its users.
"We are currently evaluating ways to show appreciation for your extraordinary patience as we work to get these services back online," the company said in a posting on its PlayStation blog. The posting also said subscribers to Sony Online Entertainment's MMO (massively multi-player online) games "DC Universe Online" and "Free Realms" would also see something from the company.
However, as PCWorld pointed out the PlayStation Network is offered at no charge to users, so any compensation will probably not be monetary. Some users do subscribe to the PlayStation Plus service, which offers access to beta versions of games and other perks for an annual fee, PCWorld said.
According to USAToday, an FBI agent in San Diego said that the agency is working with Sony to investigate the hack. The agent said anyone with information about the case should call the FBI at 858-565-1255 or 1-877-EZ 2 -TELL.