PSN hack triggers lawsuit

A gamer is suing Sony over the data breach in which the personal details of more than 70 million PlayStation Network and Qriocity users were stolen. Although Sony has maintained that there is no evidence of the theft of card data, a complaint filed in the Federal Court in San Francisco accuses the company of failing to protect …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Petition Against Rothken Law Firm's Lawsuit

    Petition against Rothken's unjust suit.

    Sign at petitionspot (DOT) /petitions/SonyAndRothken

    1. Marky W
      Black Helicopters

      Fishy

      So, 6 of the first 9 comments are effectively pro-Sony, at a venue not renowned for having a pro-Sony inclination (as the down-votes show).

      Am I alone in finding this a tad dodgy? Or is it tin-foil chapeau time?

      1. TeeCee Gold badge

        Re: Fishy

        Too many arsehats who think that somehow "Sticking it to the man" makes you some sort of hero.

        Also a smaller number of people prepared to ask the pertinent question: If this opportunist little shit and his classmates win their dumb "get rich quick" suit, who ends up paying........? For the seriously hard of thinking, I'll spell that out: Where does Sony's Playstation Network get its money from and if they are suddenly short a few million, how are they going to get it back?

        1. Neil 7
          FAIL

          @TeeCee

          "If this opportunist little shit and his classmates win their dumb "get rich quick" suit, who ends up paying........?"

          Who ends up paying because companies like Sony are too incompetent to protect our identity and credit card data? That's right, you, me and everyone else whether we have bought a Sony product or not because the banking system will pass their fraud losses due to Sony's incompetence on to every one of their customers.

          I don't agree with hacking of online systems, I don't even agree with hacking Sony despite them being total douches, but if there's one positive to come out of this it's that no company, no matter how big/rich/clever they may be, can take a slipshod attitude to data security.

          Sony need to be punished, financially, for not doing enough to prevent this data from being stolen and even if it means we as consumers/banking customers end up footing the bill it's something that needs to happen and keep happening until it sinks in that losing confidential data due to weak or flawed security is simply not acceptable.

          And if financial penalties are not enough to ram home this message, perhaps a law should be passed that forces companies with defective online security to go offline for specific periods, 1 month for a first time offender, 6 months for a second data breach, a full year or for three strikes (maybe even permanently).

          If companies don't take privacy seriously, they don't have any right to do business on the internet.

  2. David 39
    Unhappy

    O Mar, brings me my gun, pah get the dogs

    The lawsuit seeks reimbursement for any

    "losses that may result from the theft of credit card data" Hicks can get credit now?

    "refunds for services" - isn't the PSN free?

    "and punitive damages" - s/punitive damages/Freeloader

    Only one thing to say it HAD to be a yank :( Sony deserve it but still.....

    1. Bilgepipe
      FAIL

      Fail

      >>> Only one thing to say it HAD to be a yank

      So if it were you, you wouldn't sue Sony?

      Epic, epic fail, on every level.

      1. CD001
        FAIL

        erm...

        I have a PSN account so it is and I'm not. Fail rightbackatya.

    2. Anonymous Coward
      Grenade

      @David 39

      > "refunds for services" - isn't the PSN free?

      I don't know, but even if it's "free" you still pay for it - it's an extra cost to Sony that Sony has to cover from the purchase price of the PS3 and multiplayer PS3 games. And if the PSN was permanently switched off then consumers would reasonably demand a refund for their PS3 and PS3 games.

      Whether consumers should demand compensation for a few-day outage is a different question.

  3. XMAN
    FAIL

    already covered

    Any fraudulent charges on his card will already be covered by his credit card provider.

    1. r4co0n
      WTF?

      title is required

      which will be glad to have someone to blame this on...

  4. alittaoff

    Lawsuit is B.S.

    You know all this is B.S. If going to have a lawsuit against somebody make it against the Damn hackers. It is not like Sony wanted to be hacked. Shit happens, new software becomes old software in a matter of days. So we have to change passwords and our cards. But hell, who you going to put a lawsuit against when its your computer thats been hacked? Microsoft? I dont think so. Everybody wants the PSN back up but people keep putting more on them(like a lawsuit) its just going to be that much longer because they gotta make sure it dont happen again, so they dont get another lawsuit, for being robbed. Only in the U.S.A can you put a lawsuit against somebody that got robbed. Yall know its the truth.

    1. Bilgepipe

      Eh?

      So you think it's acceptable for Sony to have stored the entirety of its customers' personal data, including passwords and credit card details, in an unencrypted format on a network hacked by some kid in his basement/some guy from Anonymous? Wow.

      1. Anonymous Coward
        FAIL

        @bilgepipe

        How do you know credit card details were stored unencrypted? Either you work for Sony, or you're the hacker. (or you're full of bs)

        Which is it?

      2. Tom 13

        Fail - The reports said the credit card information was encrypted.

        Yes I think it is bad that they stored the rest of the data in an unencrypted format. That doesn't excuse you claiming they did more damage than they have done.

    2. Basic
      FAIL

      Hmmmmmm

      Hmmmmm someone opens a brand new user account to post pro-Sony comments. Not in the slightest bit dodgy.

      I wonder if the Moderatrix would be kind enough to check if the account used has an IP address inside Sony - Sarah?

    3. Anonymous Coward
      WTF?

      So you're pro this lawsuit then?

      "Everybody wants the PSN back up but people keep putting more on them(like a lawsuit) its just going to be that much longer because they gotta make sure it dont happen again, so they dont get another lawsuit"

      So, yes it is a good idea to sue them so "they gotta make sure it dont happen again" ... or are you saying they should be left to start it back up with no security and carry on like before because they know there will be no repercussions?

  5. Alaskanpoet

    Pac Man deja vu

    the mess with Sony should be a general quarters alarm/

    how our fragile e-economy and privacy are so close to deadly harm/

    In a more innocent time the only video game was Pong/

    As long as the quarters held out in the game you did belong/

    The hint of the future was Pak Man racing in the maize/

    From colored teeth seeking to trap and to end your quarter play/

    That Pak Man is now we game players and consumers seeking relief/

    From unseen colored hackers with privacy chomping teeth/

    but fear not US lawyers may not block hackers but will bring Sony grief

    But we really need is a way for the hackers to turn over a golden leaf/

    70 million credit ids and passwords in hands God knows where/

    Maybe now time to take out Risk or open a Nook in one's favorite chair

    1. The Fuzzy Wotnot
      Thumb Up

      Well said chief!

      Whomever it was, did you have to down this, after all that effort? If you don't like it, simply pass along.

      I completely agree with the sentiment, we've rocketed at 1000mph into the glorious light of the new world techno economy, sadly those who are in charge of the rocket are not engineers but money men. If the techies were in charge of the rocket we wouldn't have half the cockups we have, we wouldn't be forced to cut corners to keep the shareholders happy.

  6. Anonymous Coward
    Anonymous Coward

    I bet £5 on the guy on the right

    No, not the little consumer on the left, there, on the right, the big corporation with cash dripping off its pockets. For a starter, we were just told that class actions are dead: http://www.theregister.co.uk/2011/04/28/supreme_court_class_action_decision/

  7. Anonymous Coward
    FAIL

    PCI Should act...

    ...and ban Sony from online card payments until they have passed a full and in depth audit.

    That is what a company I worked for were threatened with when they discovered a system they had inherited was wide open. Even though the site was immediately taken down.

    I suspect that the PCI will do fuck all though, Sony are too big to be dealt with according to their own rules.

    1. Anonymous Coward
      Anonymous Coward

      It depends on what infringement they've made. If any.

      I'd be very surprised if Sony are not fully compliant with the PCI rules and even more surprised if a random gamer knows more about it than Sony's lawyers. (even if said random gamer is a lawyer themselves!)

      PCI Compliance is different depending on what type of merchant you are. For a large organisation storing the card holder data and keeping it in an encrypted form would still make you compliant as long as you have secured your network to a level present in all large organisations (e.g. unique user accounts, locked down access to this data and a procedure to test this on a regular basis).

      PCI cannot act as Sony have more than likely not failed in their agreed obligations.

      1. Anonymous Coward
        Anonymous Coward

        Lawyers?

        You really think the lawyers are responsible for ensuring PCI compliance?

        I've always worked with the infrastructure and software architects along with a QSA to ensure compliance. Not sure how many lawyers would be able to do much to ensure compliance.

    2. system11
      Pirate

      There is no 'PCI'

      PCI can't act because they as an entity don't exist.

      There's a regulatory body who sets the PCI DSS standard, but compliance is enforced by the acquirers (Visa and Mastercard for example). They can threaten to withdraw payment authorisations, and then you stop making money.

      Any large company needs to pass a PCI DSS audit, the audit is done by a QSA, an external testing company who will audit their client, and based on their findings provide mandatory changes and recommendations that the client must follow to get their PCI DSS approval.

      Now here's the kicker - when a QSA approves a client, they are taking on the liability in case of a data breach of any system they have audited and approved. The client gets to throw their hands in the air and say the QSA didn't identify whatever hole has led to the breach, and the QSA gets fined. Some clients are so large that the fines will destroy the QSA, for this reason many are sacrificial private limited companies. Some will pretty much come along and say "we'll take the risk" and give a company a tick in the PCI box without so much as a second glance.

      Of course the company that lost the data then has to go to another QSA and get their box ticked again.

  8. Neil Greatorex
    WTF?

    Was only a matter of time

    Before some litigious twat hit the sue button.

    Makes one wonder why anyone would want to do business in the old US

  9. Anonymous Coward
    WTF?

    Typical US response

    Wonder how long before someone decided to try and cash in.

    Is there anything Americans won't sue over?

    1. Anonymous Coward
      Thumb Down

      but...

      ...It's the only language that Sony understand.

      For one - they were warned about the crappy security last year, but instead of doing anything about it they just unleashed the lawyers. Not good.

    2. g e

      Yes. There is

      Stuff that won't net them a nice payout.

  10. Anonymous Coward
    Anonymous Coward

    Credit cards

    "Although Sony has maintained that there is no evidence of the theft of card data"

    Could be coincidence but:

    http://arstechnica.com/gaming/news/2011/04/ars-readers-report-credit-card-fraud-blame-sony.ars

  11. DrXym

    Class action lawsuits are such a ripoff

    I've bought a few things from the US before, such as memory from Crucial.com and found myself part of a class action lawsuit. I got sent a bit of paper to say I was a member of a suit. Years passed and I got another bit of paper to say I was entitled to some pathetic reimbursement which I think was a voucher code for crucial.com. Whoopdee do. Similar thing happened to some other service I used whose name escapes me.

    These class actions are such a scam for consumer complaints. The only people who walk away with any amount of money are the lawyers who "represent" the consumers and take 30% of the proceeds.

    As for this class action, what I find notable is that it follows a rampant orgy of speculation and extrapolation based on a single public statement by Sony. There is no evidence anyone's credit card info has been used, or that passwords weren't correctly salted and hashed, or that personal data like credit card numbers weren't encrypted. Perhaps the attack was able to lift the database files but the contents are encrypted. I wish Sony would provide a more technical description and impact assessment of what happened and what they did and did not do to shut this speculation down or at least give it focus. But I fear with vultures circling with their class actions they're likely to keep their mouths shut for legal reasons.

    1. Tom 13

      Not just the lawyers.

      The consumer complaint groups manage to make money off of it too. Which they in turn use to lobby for even more useless consumer protection laws which again only benefit them and the lawyers. But yeah, it's only the parasites that make money off these things.

  12. Bilgepipe
    Thumb Down

    Amazing

    It's truly amazing that 'tards are actually defending Sony over this. Apparently it's okay to let the personal data of 70 million people - more than the population of the UK - get stolen by some hacker.

    If this were the government you'd be bitching all up the walls about it.

    1. The BigYin

      @Bilge

      1) I did not realise that Sony had put their customer database up on teh torrentz. Can you give me teh upload codez?

      2) Sony appear to have applied security to some aspects of their data, but not others. What is the ICO's position on encrypting personal data?

      3) Unlike most government offices, I don't read anything in the story about Sony putting this data on an unencrypted USB stick.

      4) Sony are a shower of anti-free-market asshats (rootkits, GeoHotz etc) and deserve everything they get, but I don't see how this suit helps. This is a *global* problem and needs to be addressed at a state level. The countries involved (i.e. just about everyone) should demand that Sony make good any losses and have ID theft teams.

      5) *IF* one suffers a loss, *IF* one has evidence that Sony is responsible and *IF* Sony do not make good, then one should sue. *IF* this happens repeatedly, then the courts should consider punitive damages/prosecution.

      Just IMHO of course.

      1. Dave Gregory
        WTF?

        Seriously

        What the fuck are you talking about? Bilgepipe's comment doesn't raise any of these issues you seem to have taken great pleasure in making up and shooting down.

      2. The Fuzzy Wotnot
        WTF?

        What on earth are you on about BigYin?!

        What post by Bilge did you read FFS?! I tried hard, I really did, to find the links between your verbal diarrhea and the original post by Bilgepipe and unless Bilge put these points in a tiny, tiny font between the lines in his post I am still at a loss to connect the dots!

  13. Mondo the Magnificent
    Flame

    If the shoe fits...

    I agree that these kind of lawsuits are bullsh*t, but it's great to see the autocratic and litigious Sony Corp. being spanked for once.

    1. CD001

      Really?

      You really, really think that even if this lawsuit is successful that Sony will get any more than a proverbial slap on the wrist?

  14. irish donkey
    WTF?

    Looks like the SONY PR people have arrived

    There is no point in blaming this on the hackers/Geoholt/Anon.

    It is SONY's legal responsibility to ensure the security of their data. They stored it in that way if it gets lost/stolen it's their bad.

    If they spent as much time/money securing their servers as they did securing their consoles this wouldn't have happened. Simples

    Can we have the discussion that they are so protective of their console to protect their network. Obviously a crock of...

    Not a SONY customer and never will be.

  15. Anonymous Coward
    Stop

    If the data was encrypted

    Wouldn't Sony have said so in their releases? "Yes there was a breach but the data was encrypted". The PR department would have jumped on this bit of "good news".

    Although I loathe the whole sue for everything culture that seems to be spreading like a cancer, if it is proved that the data WAS unencrypted then Sony deserve everything they get and should be investigated by every Data protection department in every country it operates in in addition to being massively fined.

    Let's face it people, this is security 101 - basic bloody stuff, someone needs to go to jail over this and it's not just the hackers.

  16. Hooch181
    Pirate

    Lol...

    Live by the sword, die by the sword!

  17. Inachu
    WTF?

    I never made any purchase inside the sony universe.

    And look what I got!

    inachu,

    Thank you for your recent order. This e-mail serves as your receipt for a purchase, ******************(NAME REMOVED)

    Order Number: 1097793074

    STATION CASH PURCHASES

    Station Cash Funding Purchase

    $10.00

    Tax:

    $0.00

    Order Total:

    $10.00

    Sony Online Entertainment LLC

    http://www.station.sony.com

  18. Mectron

    Game Over Sony

    The only acceptable resolution for the 70+ million PSN users:

    1 million each payable NOW. Because this breach is so serious that the exec should be executed, but since criminals never really get punished for their crimes, losing money is the only way to punish them.

  19. mraak
    Coat

    This is what I got from Sony

    To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

    Idiotic?

  20. Thomas 4

    Sony, Sony, Sony

    Even if they beefed up security now, the horse has now bolted to the Bahamas and is now racking up hay margaritas on my credit card.
