April 29, 2011

Sony Faces Legal Action Over PlayStation Breach

Sony Corp. said on Thursday that it was working with police investigators in the wake of an "external intrusion" that resulted in the theft of personal data, including credit card numbers, of PlayStation users worldwide.

The PlayStation Network and Qriocity streaming music service were shut down on April 19, and will be restored only after the company is confident its network is secure, said Sony spokesman Patrick Seybold.

Sony's PlayStation Network allows users to play games online, challenge others over the Internet, stream movies or receive other services. The service generates an estimated half a billion dollars in annual revenue.

Seybold said Sony is "working day and night to restore operations as quickly as possible" and expects to have some services up and running within a week.

"However, we want to be very clear that we will only restore operations when we are confident that the network is secure," Seybold wrote on Thursday in a blog posting on the PlayStation website.

"We are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation," he said.

"This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible."

"While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," Seybold wrote, adding that "we are advising you that your credit card number and expiration date may have been obtained."

The company said it had sent emails to all of its 77 million worldwide users to warn them their data might have been stolen.

Microsoft has also warned users of its Xbox Live service of possible attempts to steal personal information in the aftermath of the PlayStation Network hack.

"Users may receive potential phishing attempts via title specific messaging while playing Modern Warfare 2," the software giant said on the Xbox Live Status website.

"We are aware of the problem and are working to resolve the issue."

Sony did not disclose whether it had identified a culprit in one of the biggest online data infiltrations ever.

The Internet group "ËœAnonymous' had previously vowed retribution against Sony for taking legal action against hackers who cracked PS3 defenses to alter the console operating software.  Anonymous claimed that PS3 owners have the right to do what they wish with them, including change them.

Seybold said Sony was taking steps to enhance security, including relocating its network infrastructure and data center to "a new, more secure location."

The company could face legal action over its delay in disclosing the breach.

Although Sony shut down the network on April 19 after discovering the hack, it was a week later that the company acknowledged the intrusion and that users' data might have been stolen.

Several state attorneys general, including those of Iowa, Connecticut, Florida and Massachusetts, have begun investigating or reviewing the matter.  Regulators such as the Federal Trade Commission could get involved as well. The agency has been known to go after companies that inadequately safeguard consumer data, and could investigate the matter if it finds Sony failed to inform customers about the company's privacy policies.

Members of Congress have also seized on the breach, and one law firm has already filed a suit in California on behalf of consumers.

Late Wednesday, Rothken Law Firm filed a lawsuit against Sony in the Northern District of California court on behalf of individual plaintiff Kristopher Johns

"This suit seeks to redress Sony's failure to adequately provide service to PlayStation consoles and PlayStation Network," said lawyers for the plaintiff in a court filing.

According to the filing, the plaintiff has requested the court to certify the case as a class action, and is seeking unspecified monetary damages.

However, Sony may find itself under the harshest scrutiny from non-U.S. regulators, which have tougher consumer privacy laws.

In Britain, the country's Information Commissioner's Office is already investigating whether the company violated laws requiring it to safeguard users' personal information. 

Shares of Sony's stock closed down 4.5 percent on Thursday, having lost more than 8 percent this week.


On the Net: