Petition Against Rothken Law Firm's Lawsuit
Petition against Rothken's unjust suit.
Sign at petitionspot (DOT) /petitions/SonyAndRothken
A gamer is suing Sony over the data breach in which the personal details of more than 70 million PlayStation Network and Qriocity users were stolen. Although Sony has maintained that there is no evidence of the theft of card data, a complaint filed in the Federal Court in San Francisco accuses the company of failing to protect …
Too many arsehats who think that somehow "Sticking it to the man" makes you some sort of hero.
Also a smaller number of people prepared to ask the pertinent question: If this opportunist little shit and his classmates win their dumb "get rich quick" suit, who ends up paying........? For the seriously hard of thinking, I'll spell that out: Where does Sony's Playstation Network get its money from and if they are suddenly short a few million, how are they going to get it back?
"If this opportunist little shit and his classmates win their dumb "get rich quick" suit, who ends up paying........?"
Who ends up paying because companies like Sony are too incompetent to protect our identity and credit card data? That's right, you, me and everyone else whether we have bought a Sony product or not because the banking system will pass their fraud losses due to Sony's incompetence on to every one of their customers.
I don't agree with hacking of online systems, I don't even agree with hacking Sony despite them being total douches, but if there's one positive to come out of this it's that no company, no matter how big/rich/clever they may be, can take a slipshod attitude to data security.
Sony need to be punished, financially, for not doing enough to prevent this data from being stolen and even if it means we as consumers/banking customers end up footing the bill it's something that needs to happen and keep happening until it sinks in that losing confidential data due to weak or flawed security is simply not acceptable.
And if financial penalties are not enough to ram home this message, perhaps a law should be passed that forces companies with defective online security to go offline for specific periods, 1 month for a first time offender, 6 months for a second data breach, a full year or for three strikes (maybe even permanently).
If companies don't take privacy seriously, they don't have any right to do business on the internet.
The lawsuit seeks reimbursement for any
"losses that may result from thetheft of credit card data" Hicks can get credit now?
"refunds for services" - isn't the PSN free?
"and punitive damages" - s/puntitive damages/Freeloader
Only one thing to say it HAD to be a yank :( Sony deserve it but still.....
> "refunds for services" - isn't the PSN free?
I don't know, but even if it's "free" you still pay for it - it's an extra cost to Sony that Sony has to cover from the purchase price of the PS3 and multiplayer PS3 games. And if the PSN was permanently switched off then consumers would reasonably demand a refund for their PS3 and PS3 games.
Whether consumers should demand compensation for a few-day outage is a different question.
You know all this is B.S.. If going to have a lawsuit againt somebody make it against the Damn hackers. It is not like sony wanted to be hacked. Shit happens, new software becomes old software in a matter of days. So we have to change passwords and our cards. but hell, who you going to put a lawsuit againt when its your computer thats been hacked? microsoft? I dont think so. Everybody wants the PSN back up but people keep putting more on them(like a lawsuit) its just going to be that much longer because they gotta make sure it dont happen again, so they dont get another lawsuit, for being robbed. Only in the U.S.A can you put a lawsuit against somebody that got robbed. Yall know its the truth.
"Everybody wants the PSN back up but people keep putting more on them(like a lawsuit) its just going to be that much longer because they gotta make sure it dont happen again, so they dont get another lawsuit"
So, yes it is a good idea to sue them so "they gotta make sure it dont happen again" ... or are you saying they should be left to start it back up with no security and carry on like before because they know there will be no repercussions?
the mess with Sony should be a general quarters alarm/
how our fragile e-economy and privacy are so close to deadly harm/
In a more innocent time the only video game was Pong/
As long as the quarters held out in the game you did belong/
The hint of the future was Pak Man racing in the maize/
From colored teeth seeking to trap and to end your quarter play/
That Pak Man is now we game players and consumers seeking relief/
From unseen colored hackers with privacy chomping teeth/
but fear not US lawyers may not block hackers but will bring Sony grief
But we really need is a way for the hackers to turn over a golden leaf/
70 million credit ids and passwords in hands God knows where/
Maybe now time to take out Risk or open a Nook in one's favorite chair
Whomever it was, did you have to down this, after all that effort? If you don't like it, simply pass along.
I completely agree with the sentiment, we've rocketed at 1000mph into the glorious light of the new world techno economy, sadly those are in charge of the rocket are not engineers but money men. If the techies were in charge of the rocket we wouldn't have half the cockups we have, we wouldn't be forced to cut corners to keep the shareholders happy.
...and ban Sony from online card payments until they have passed a full and in depth audit.
That is what a company I worked for were threatened with when they discovered a system they had inherited was wide open. Even though the site was immediately taken down.
I suspect that the PCI will do fuck all though, Sony are too big to be dealt with according to their own rules.
I'd be very surprised if Sony are not fully compliant with the PCI rules and even more surprised if a random gamer knows more about it than Sonys lawyers. (even if said random gamer is a lawyer themselves!)
PCI Compliance is different depending on what type of merchant you are. For a large organisation storing the card holder data and keeping it in an encrypted form would still make you compliant as long as you have secured your network to a level present in all large organisations (e.g. unique user accounts, locked down access to this data and a procedure to test this on a regular basis).
PCI cannot act as Sony have more than likely not failed in their agreed obligations.
PCI can't act because they as an entity don't exist.
There's a regulatory body who sets the PCI DSS standard, but compliance is enforced by the acquirers (Visa and Mastercard for example). They can threaten to withdraw payment authorisations, and then you stop making money.
Any large company needs to pass a PCI DSS audit, the audit is done by a QSA, an external testing company who will audit their client, and based on their findings provide mandatory changes and recommendations that the client must follow to get their PCI DSS approval.
Now here's the kicker - when a QSA approves a client, they are taking on the liability in case of a data breach of any system they have audited and approved. The client gets to throw their hands in the air and say the QSA didn't identity whatever hole has led to the breach, and the QSA gets fined. Some clients are so large that the fines will destroy the QSA, for this reason many are sacrificial private limited companies. Some will pretty much come along and say "we'll take the risk" and give a company a tick in the PCI box without so much as a second glance.
Of course the company that lost the data then has to go to another QSA and get their box ticked again.
I've bought a few things from the US before, such as memory from Crucial.com and found myself part of a class action lawsuit. I got sent a bit of paper to say I was a member of a suit. Years passed and I got another bit of paper to say I was entitled to some pathetic reimbursement which I think was a voucher code for crucial.com. Whoopdee do. Similar thing happened to some other service I used whose name escapes me.
These class actions are such a scam for consumer complaints. The only people who walk away with any amount of money are the lawyers who "represent" the consumers and take 30% of the proceeds.
As for this class action, what I find notable is follows a rampant orgy of speculation and extrapolation based on a single public statement by Sony. There is no evidence anyone's credit card info has been used, or that passwords weren't correctly salted and hashed, or that personal data like credit card numbers weren't encrypted. Perhaps the attack was able to lift the database files but the contents are encrypted. I wish Sony would provide a more technical description and impact assessment of what happened and what did and did not do to shut this speculation down or at least give it focus. But I fear with vultures circling with their class actions they're likely to keep their mouths shut for legal reasons.
1) I did not realise that Sony had put their customer database up on teh torrentz. Can you give me teh upload codez?
2) Sony appear to have applied security to some aspects of their data, but not others. What is the ICO's position on encrypting personal data?
3) Unlike most government offices, I don't read anything in the story about Sony putting this data on an unencrypted USB stick.
4) Sony are a shower of anti-free-market asshats (rootkits, GeoHotz etc) and deserve everything they get, but I don't see how this suit helps. This is a *global* problem and needs to be addressed at a state level. The countries involved (i.e. just about everyone) should demand that Sony make good any loses and have ID theft teams.
5) *IF* one suffers a loss, *IF* one has evidence that Sony is responsible and *IF* Sony do not make good, then one should sue. *IF* this happens repeatedly, then the courts should consider punitive damages/prosecution.
Just IMHO of course.
What post by Bilge did you read FFS?! I tried hard, I really did, to find the links between your verbal diarrhea and the original post by Bilgepipe and unless Bilge put these points in a tiny, tiny font between the lines in his post I am still at a loss to connect the dots!
There is no point in blaming this on the hackers/Geoholt/Anon.
It is SONY's legal responsibility to ensure the security of their data. They stored it in that way if it gets lost/stolen it's their bad.
If they spent as much time/money securing their servers as they did securing their consoles this wouldn't have happened. Simples
Can we have the discussion that they are so protective of their console to protect their network. Obviously a crock of...
Not a SONY customer and never will be.
Wouldn't Sony have said so in their releases? "Yes there was a breach but the data was encrypted". The PR department would have jumped on this bit of "good news".
Although I loathe the whole sue for everything culture that seems to be spreading like a cancer, if it is proved that the data WAS unencrypted then Sony deserve everything they get and should be investigated by every Data protection department in every country it operates in in addition to being massively fined.
Lets face it people, this is security 101 - basic bloody stuff, someone needs to goto jail over this and its not just the hackers.
And look what I got!
inachu,
Thank you for your recent order. This e-mail serves as your receipt for a purchase, ******************(NAME REMOVED)
Order Number: 1097793074
STATION CASH PURCHASES
Station Cash Funding Purchase
$10.00
Tax:
$0.00
Order Total:
$10.00
Sony Online Entertainment LLC
http://www.station.sony.com