Sony facing class-action suit over PSN breach
Sony has unsurprisingly been hit with a class-action lawsuit in light of the user data breach that it admitted yesterday. The suit seeks monetary compensation and credit monitoring services.
It's barely been a day since Sony confirmed that user data had been hacked, and already the company is the subject of a class-action lawsuit. IGN obtained court documents, filed in the district court of San Francisco on behalf of one Kristopher Johns. The allegations include breach of warranty, negligent data security, and violation of consumer rights to privacy, among other charges.
The suit seeks monetary compensation for the data loss, along with credit monitoring services like those Senator Richard Blumenthal proposed yesterday. Since it's a class-action suit and Sony has said all user data could be compromised, the suit could potentially include anyone from the nearly 80 million registered PlayStation Network accounts.
"We brought this lawsuit on behalf of consumers to learn the full extent of Sony PlayStation Network data security practices and the data loss and to seek a remedy for consumers," said attorney Ira P. Rothken, who filed the complaint. "We are hopeful that Sony will take this opportunity to learn from the network vulnerabilities, provide a remedy to consumers who entrusted their sensitive data to Sony, and lead the way in data security best practices going forward."
The breach of trust is "staggering" according to J.R. Parker, Rothken's co-counsel on the case. "One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information," he said. "Apparently, Sony doesn’t."
The revelation yesterday was met with sharp criticism, particularly regarding the amount of time between Sony pulling the plug on the PlayStation Network last Wednesday, and revealing the data breach just yesterday. In response, Sony corporate communications director Patrick Seybold issued a statement explaining the gap, but we would expect Sony's week-long silence to come up in the court case regardless.
-
Steve Watts posted a new article, Sony facing class-action suit over PSN breach.
-
That would be the reasonable assumption, but my understanding is that Sony has essentially implied, when they stated the scope of the breach, that it was not. That is, they stated that when the data source was compromised, everything was compromised; not that the plain text stuff was compromised and it's potentially plausible that sensitive information can be brute force cracked if a strong password was not used.
-
he's not saying that. fauljosh's post is slightly incorrect in that the 'discovery' in January was that credit card info was being sent across the web in plain text.
spookyd is saying that that thing was overblown, because it actually is secure due to the fact that it's using SSL to send that info, but in January nobody realised that it was then actually being stored unencrypted, which is sad. :(
-
Sony deserves everything that's coming to them for unacceptable levels of security, especially if the rumours regarding unencrypted transmission and plain text password storage are true.
The hacker(s) deserve to be put into federal pound me in the ass prison.
Fuck both of 'em.
Also I want to play Outland, dammit.
-
If what I've read is true (unencrypted passwords? really Sony?) they deserve to be put out of business if for no other reason than to hammer home to other companies that this lax level of security with your customers' private information cannot be accepted at all. That being said I hope The Last Guardian is released before Sony's demise.
-
"12345!? That's amazing! I have the same combination on my luggage!"
http://www.youtube.com/watch?v=a6iW-8xPw3k
-
This reminds me of the early days of the PS3 when everyone was quick to hate it simply because it existed. I love how all these analysts are coming out of the woodwork now saying it's staggering Sony didn't have more measures in place to prevent this... what a load of BS... this can happen to anyone, no one is safe from a determined hacker. Everyone owes Mr. Geohotz a big old thanks for his "awesome" work... the trickle down effects have been amazing.
-
George Hotz is an arrogant hack. The hacker group fail0verflow were the ones who displayed the 45 minute presentation at 27C3 on how they were able to decrypt the PS3's code signing private key, but didn't disclose the key itself. All that GeoHot did was say "Oh, thanks!" and post the key out in the open.
-
His iPhone work was probably his best work, but his posting of the private key was low-class, and he paid for it.
This breach and GeoHot are unrelated (hopefully; GeoHot said he was boycotting Sony, after all); I just can't let a comment of "everyone thank GeoHot" slide, because that's not where the true credit is due. The fail0verflow group had some pretty nice and mind-boggling crypto work there (you are NOT supposed to be able to decrypt a private key like that, unless of course the crypto implementation is flawed, as it was in the PS3).
-
Here's the purported chatlog that a lot of these rumors are coming from: http://pastebin.com/m0ZxsjAb
-
Better version? http://pastie.org/private/97oth9v5tspkiztwwdmnga
Apparently it's from ~10 days ago. So who knows.
-
Saw this posted around, not sure how reliable the source is though: http://lo-ping.org/2011/04/26/psn-hacker-chat-logs/
aswell you should never ever install a CFW from someone unknown
cuz its way too easy todo scamming at this point
for example:
creditCard.paymentMethodId=VISA&creditCard.holderName=Max&
creditCard.cardNumber=**********&creditCard.expireYear=****&creditCard.
expireMonth=*&creditCard.securityCode=***&creditCard.address.address1=
example street%2024%20&creditCard.address.city=city1%20&creditCard.
address.province=abc%20&creditCard.address.postalCode=12345%20
sent as plaintext
-
I don't get it, Sony gets hacked so people sue them? It's not their fault YOU trusted them with your information and it's not their fault they got hacked (anything and everything can be hacked). I honestly don't care about Sony and they really shouldn't be sued.
This is just as dumb as the lady who sued McDonalds for burning herself with coffee, just an excuse to get easy money.
-
It's actually kind of an interesting case. http://en.wikipedia.org/wiki/Liebeck_v._McDonald%27s_Restaurants
-
I've said it before, but you guys really need a Data Protection law as strict as the UK's http://en.wikipedia.org/wiki/Data_Protection_Act_1998#Plain-language_summary_of_key_principles At least to stop retarded companies collecting things like SSNs for no reason then leaving them on USB sticks.
-
While I do think the McDonalds lawsuit was probably decided incorrectly, I do not think that this lawsuit against Sony is frivolous.
In Law and Economics, a generally agreed-upon rule of thumb is that the party that is able to avoid an accident at the lowest cost should be assigned liability. For example, if a plane crashes into your house, the owner of the plane is liable for the damage caused, because there is nothing you could do to avoid the accident. (I am avoiding the question of strict liability, negligence, strict liability with a defense of contributory negligence, etc., as it's not crucial here.) The lowest-cost avoider should face liability for damage caused.
In the case of the coffee, I don't think it's clear that McDonalds was the lowest-cost avoider. In the case of protecting personal information, however, I think it is pretty clear that Sony is the lowest-cost avoider of damage. Once the information is provided, there is little consumers can do to protect it. They can insure against identity fraud, but that's a second-best response; the first best would be for Sony not to allow the data to be stolen in the first place. One could also say that consumers could protect themselves by simply never providing personal information, but this would ultimately make both Sony and the consumers worse off, compared to a world in which Sony simply does a better job with security. Making Sony liable gives them (and anyone else storing personal information) an incentive to avoid the damage caused by the theft of that information.