Class-Action Lawsuit Filed Against Sony for Data Breach

Published 4 years ago. Updated February 10th, 2012 at 8:40 pm.


The bad news just keeps on rolling in for Sony. The recent leak of personal identification information for over 77 million accounts was bound to stir up a lawsuit, and in record time, the Rothken Law Firm and Kershaw, Cutter & Ratinoff, LLP have filed a federal class-action suit on behalf of Alabama resident Kristopher Johns in the Northern District of California.

The Complaint alleges that Sony failed “to maintain adequate computer data security of consumer personal data and financial data” in violation of California law and seeks damages for their “loss (both temporary and permanent) of use of their PlayStation consoles and the PlayStation Network and Qriocity services…and their time and effort spent attempting to protect their privacy, identities and financial information.” The suit is seeking damages in excess of 5 million dollars, which includes the costs of credit monitoring for members of the class and punitive damages.

One of the central arguments in the Complaint is that Sony knew of the breach for at least six days and did not notify its users when it should have. Sony recently explained on its official blog that the delay occurred because the company did not immediately realize that personal information had been compromised. While this fact will ultimately be one for a jury to decide, a bigger concern for Sony is that its Privacy Agreement for the PlayStation Network contained the following clause:

Accuracy & Security

We take reasonable measures to protect the confidentiality, security, and integrity of the personal information collected from our website visitors. Personal information is stored in secure operating environments that are not available to the public and that are only accessible to authorized employees.  We also have security measures in place to protect the loss, misuse, and alteration of the information under our control…

Sony has already admitted that it failed to encrypt the personal identification information of its user accounts, which could partially substantiate the claims asserted in the Complaint:

Q&A #1 for PlayStation Network and Qriocity Services

Q: Was my personal data encrypted?

A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

No network is completely safe from hacking, and the legal standard Sony will be judged under will not be one of 100% infallibility. That being said, if Sony failed to put in place security measures that met the accepted industry standards, the company could be at risk. By not encrypting users’ data, Sony may not have met that burden. In order to prevent further information about the security of its network from becoming public, Sony may attempt to settle the matter early if the Northern District Court of California grants class certification. Failure to do so would only extend this public relations nightmare.

Wedbush Securities analyst Michael Pachter has estimated that the total loss of revenue from the PlayStation Network outage alone would be approximately $20 million and that the cost of reimbursing PlayStation Plus members would be about another $10 million. Based upon a 2010 estimate issued by The Ponemon Institute, a data-security research firm, Sony could potentially incur an additional cost of $318 per compromised record where a criminal act resulted. At over 77 million user accounts, this could result in a total loss of over 24 billion dollars (!).

Of course, this is just a generalized estimate and there’s no solid evidence to date that any of the illegally obtained data has been used to commit identity theft or credit card fraud. If this case were to settle, Sony would likely agree to provide free credit monitoring for two or three years and insurance for any resulting losses as suggested by United States Senator Richard Blumenthal of Connecticut. That solution, however, would only apply to those users in the United States. Sony could still be at risk for additional losses or fines in other countries where the privacy laws are much more strict.

We expect that additional class actions will be filed over the coming weeks and will eventually be consolidated. At that point, Sony will have to decide whether it wishes to fight class certification or to offer an early settlement. Either way, the data loss will probably be an expensive lesson for the company.

Sources: Forbes; Joystiq


  • negacrowbar

    Where do I sign up?? I want my five dollar check.

  • Bradley Davis

    My god I hate stupidity. This guy is gonna lose and shouldn’t have wasted his time or money for this one

    • Rhillstrand02

      WOW, really? You’re going to ask for damages from a FREE service (unless you have PSN Plus, I can understand some compensation), but really?? This is going too far. I’ve been in IT for a while and dealing with computers, networks etc. is a tough job. If someone is determined, they will have your information. Nuff said…

  • jwalka

    can’t wait until they hack steam hehehe that’ll be one of the most memorable days in my life 😀

    P.S. no joke, I mean what I said.

    • Grum

      Hack Steam? What kind of gutter rat are you? You frackin’ hacker-lover. That’s what you are. Get outta here you tool.

    • A fellow PSN user

      You have a boring life, hacker.

  • DrFreis

    Wow, just, wow. I really hope loses, because it probably didn’t matter if Sony had awesome protection, hackers know how to pass all kinds of security. This is a waste of time and money.

  • Killelmo190

    This guy’s probably one of the hackers and decided to try and make money off it.

  • Anonymous

    FREE service or not compensation is a must! Why do you think people even buy ps3 for free internet therefore if there is no online gaming you just paid $300 or so on a service you can’t use. So all of you that say it’s a free service and we don’t have a reason to be upset, do a little deeper thinking I know it might be hard for some of you. That’s what swayed me to ps3 was free service, well it’s far from free now. It’s unusable. I will give Sony till the Monday morning of 5/2/11 then I am off to gamestop to trade in this paper weight known as ps3 for a xbox360 and never look back. “WHAT ARE YOU GONNA DO FOR US SONY????????????”

    • theSAGE

      completely agree with the guy above me… I am on my 3rd ps3!!! I have them all STILL, but with a T1 line, 5 gaming pc’s, and 3 xbox’s with all their own monitors… I bought the 3rd 1 because of socom and other games that I want to play with my friends… but I am also about to take back my ps3, I run multiple clans and so this is a HUGE problem… I’m wasting money with ps3 at the moment… sooo like he said “WHAT ARE YOU GONNA DO FOR US SONY?????????????????”

      • WTFever

        Dude with your grasp of the English language, and all the money you supposedly spend on gaming I would like to say to you sir “BULL $H1T”. I would love to sign up for this because I for one should not have to pay to run or check my credit report. Or have to monitor it since it is a breach on their part, and I was told the information was safe. This is what people want to be compensated for.

        As for the liar with a T1 and his 5 xbox’s and his 3rd PS3 (which I have yet to understand why he couldn’t play socom on the first two) GTFO tool.

        • theSAGE

          Awwww you Poor BABY… well that’s too bad, actually with my grasp of the English language I was able to READ the RULES “Rules: No profanity or personal attacks” and you for some much more godly reason than me seemed to ignore that. Like I said though, that’s too bad, it’s also too bad you don’t own your own software company and have the means to have a Gaming Palace with all the current systems (+5 Gaming PCs *not XBOX’s*) to enjoy with friends, I am talking about playing with multiple people next to me on a T1 together on-line, so when the last socom came out and I BOUGHT a 3rd ps3 for that exact reason THEN the NETWORK was attacked. So I no longer am able to play 3 people online on the 3 ps3’s I have, HAHAHA you can’t monitor your own expenses on A card!?!?! You sir seem to be the tool, there are many ways to stay on top of your spending especially on a CARD there is online banking, smartphone apps that can tell you the second shady behavior is found… etc etc **** I am ONLY MAD at SONY for BEING too incompetent to update their SECURITY software, because almost 3 weeks of downtime on their server is just unacceptable ****

          o and WTFever, thx for the SLAP and TICKLE

  • Stephanie

    That is why we do PSN cards cause credit cards are never safe being out there like that on any system. That is the only true way to be safe. Use cash to pay for PSN cards, then put that on for PSN play. It is the only way I play on all my systems.