Sony faces class action lawsuit for PSN fiasco

By on April 29, 2011, 7:12 PM
Go figure: the recent PSN data breach has prompted a class action suit against Sony. Filed in a California district court by the Rothken law firm, the 22-page complaint accuses Sony of failing to adequately secure the sensitive information of its users. The company revealed Wednesday that it stored the contact information, age, location, and usernames/passwords of some 77 million PSN accounts in an unencrypted state. Hackers gained access to this data during a security breach that has left PSN offline since last week.

The filing asserts that some PSN users have begun to experience losses from fraudulent use of credit card information swiped in the breach, but we're not sure how accurate that is. Many users have reported that their financial accounts have been fraudulently charged in recent days, but Sony has repeatedly stated that there is no evidence to suggest credit card numbers were taken. Furthermore, the company kept credit information encrypted on its servers, so we don't know what to make of users' claims just yet. Feel free to chime in if you've been affected.

According to the filing, Sony's negligence violates the Payment Card Industry Standard, a regulation that protects consumers from having their credit card and transaction information stored without the proper security requirements. The suit blames Sony for not informing customers that their data was being stored by insecure methods. It also accuses the company of taking an unreasonably long time to announce the data breach in an official capacity, leaving users with insufficient time to cancel credit cards and change passwords.

"Sony’s breach of its customers' trust is staggering," said Rothken co-counsel J.R. Parker. "Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn't." The firm seeks compensation for the time and money users spent for credit monitoring and replacement -- not to mention a new pair of underwear.




User Comments: 43

Got something to say? Post a comment
LinkedKube LinkedKube, TechSpot Project Baby, said:

Oh joy!( Ren and Stimpy voice) Wonder how this will play out.

Win7Dev said:

It was only a matter of time.

Cota Cota said:

supersmashbrada said:

Oh joy!( Ren and Stimpy voice) Wonder how this will play out.

Sacrifice!! Sacrifice!! Sacrifice!! *puts on leaves skirt and takes and ukulele*

gwailo247, TechSpot Chancellor, said:

supersmashbrada said:

Oh joy!( Ren and Stimpy voice) Wonder how this will play out.

Each PSN customer will get $12.74, while the attorneys pocket 200 million.

Guest said:

I hope they finally fixed the nat problem with their server

Trillionsin Trillionsin said:

hahaha. everything seems to be working out as planned.

Win7Dev said:

gwailo247 said:

Each PSN customer will get $12.74, while the attorneys pocket 200 million.

That would be overkill. Sony isn't going to pay out any more than $5 a person. I think it should be more along the lines of $5,000 a person, but this isn't the same thing as illegal music. Even I know how to encrypt simple text or just straight hash it. Granted encryption can be broken, but that would have cut the number of compromised accounts to much less than 77 million.

MrAnderson said:

Didn't all the credit card companies just loose the same kind of infomation? They said the credit card info was encrypted, that was the best we could hope for at this point considering they have not confirmed that this infor was taken or not. Unless I missed the confirmation. It sucks, but what can we do... but wait for the network to go back up so we can link our Portal 2 to PC and play other online games we have all been itching to play - right.

And yes, hopefully this will help improve their network security and stability. Maybe they should have duplicate network and ask hackers to attack it for prizes the same way google tries to improve the browser... uhm... probably will not happen...

Guest said:

I think the lawsuit is a bunch of crap. Just a bunch of gready Lawyers that will get a big chunk of the money and we would get maybe 10.00 bucks out of it.

Guest said:

Am I mistaken? I thought ATT got the supreme court to end class action lawsuits.

Guest said:

this is simply ridiculous ive been reading all the blog posts about how users are owed something because the network is down. i just have one question besides the personal info being taken which was not a good thing and it should have been better protected but that neither he nor there. all the users bitching because they cant play a online game is very depressing. to think someone is losing sleep over a game is sad what has our world come to. now dont get me wrong i love my ps3 and just two days ago my backwards 80 gig died but guess what i am so loyal that im going out tomorrow and getting a new one. its not been 2 weeks i promise u will all survive this and the funny thing is that when the network does come back up everyone will be so eager to play u all will probably crash the server so keep that in mind and also keep in mind that the network usage IS ****ING FREE so compensation for down time is not necessary sincerely raven

Guest said:

Compensation is for people that lost something. What did we lose? The ability to play online for a couple of weeks? I can still play locally and my credit card hasnt been breached in any way. Who exactly is the "class" in this lawsuit? Sony offers me a free service that is currently broken. I guess they can pay me for the down time. What exactly is 14 days worth of free worth these days?

Guest said:

but then u forgot ppl pay 50 pound a year for ps plus n ps3 users pay 200 pound more for our ps3 so why not i bet ur actually really dieing to play it, as u said ur buying a new one lol thts probably worse

Guest said:

I spent at the maximum of £500 so I want that back instead of compensation!!!

Kibaruk Kibaruk, TechSpot Paladin, said:

Hahahaahahaha I love to hear more from this lawsuit =)

Guest said:

THIS IS AMERICA! HECK YEAH!!! We are entitled to everything!

My lawyer advised me to drop the personal data-related lawsuit but instead, I am entitled to an even bigger paycheck if i bring up the mental/emotional stress i received the past week. Without PSN, I was unable to relieve those stress by fragging some nubs in Black OPS multiplayer. He promised i don't have to work for the rest of my life yo!!!

/end sarcasm

Recipe7 Recipe7 said:

Wow.

Shouldn't they allow Sony to find the real culprits rather than steal more things from them, in this case, money?

Or instead, sue those involved.

WOW

Guest said:

That's what you get when you piss off anonymous.

matrix86 matrix86 said:

They can sue all they want, they aren't going to get any money out of it. Unless the hackers got your credit card info and used it to make purchases, the courts aren't going to grant you any money. Sony might get a couple of hefty fines, but that's the most that's going to come out of this.

Guest said:

Hopefully this will be this horrible company's end. They haven't done much other than lose money year after year anyway.

yRaz yRaz said:

Guest said:

Hopefully this will be this horrible company's end. They haven't done much other than lose money year after year anyway.

then all we will have is The xBox and then there will be NO competition.

T77 T77 said:

trillionsin said:

hahaha. everything seems to be working out as planned.

Absolutely correct.... :P

I personally feel that 2010-2011 can be termed as the season of the "suits" !

BTW nice cartoon..

Guest said:

I am not a Sony fan, but if Sony is responsible for being hacked, then so are all the other online companies who got hacked by Anon -- MasterCard, Citi group, Bank of America, etc...

Everyone loses, except for the lawyers, that is. I am going raise my kids to be a lawyer. Heck, I myself am going back to get a law degree, too.

PinothyJ said:

Guest said:

That's what you get when you piss off anonymous.

Anonymous as a whole had nothing to do with ANY attack on the PSN. Anonymous was always going to attack Sony but was never going to put innocent gamers out of their play time because they had nothing to do with Sony's dickings.

Man I want to punch Guests in the ****...

Darth Shiv Darth Shiv said:

"Go figure: the recent PSN data breach has prompted a class action suit against Sony."

It's hardly a trivial matter. They stored personal information that can be used for identity theft unencrypted. A slap on the wrist ain't gonna cut it. Their pockets being significantly lighter will teach them to not be so negligent. It's the only thing companies like this care about. Seriously you think they weren't internally aware of the security risk?

fimbles fimbles said:

Well sony.... How do you feel about the whole client server ownership situation now?

I reccomend releasing a rap song on you tube entitled " Bite the hand that feeds you"

edison5do said:

recipe7 said:

Wow.

Shouldn't they allow Sony to find the real culprits rather than steal more things from them, in this case, money?

Or instead, sue those involved.

WOW

Then you pass me the PS3 KeyCode and they took everything they can from you... Does you really think this is bad?

Adhmuz Adhmuz, TechSpot Paladin, said:

End users will likely see no compensation at all for such a lawsuit, this is just another fine example of the Great US of A and its land of the free and home of the blood thirsty lawyers... But hopefully this case gets thrown out of court for being so pointless. Well not pointless but purposeless, suing Sony now for something like this helps no one.

Guest said:

he can you sell me your old ps3 ?

captaincranky captaincranky, TechSpot Addict, said:

Wow.

Shouldn't they allow Sony to find the real culprits rather than steal more things from them, in this case, money?

Yes, they should free Sony of any obligation towards guarding their customer's person information, thus permitting them to search for the "real criminals".

This is exactly what happened in the verdict of the OJ Simpson trial! OJ was set free to search for the, "real killer", of his ex wife and her boyfriend. OJ now seeks to bring the "real killer" to justice, far and wide, on the golf courses of America...!

They should also free BP from any indemnity for the Gulf Oil Spill. They way they'd be free to search for the "real source" of the oil leak.

Or instead, sue those involved.
This just gets deeper and deeper... "Those involved", (in the hack), probably don't have any money, that's possibly why they tried to steal people's personal information in the first place.

Besides, the hacker's should be, or are, being sought pursuant to criminal charges.

WOW
WOW indeed! If I were going to post an opinion as "controversial" as yours, I would have logged in as a guest. GO SONY....! (That's a NOT)!

gwailo247, TechSpot Chancellor, said:

OJ now seeks to bring the "real killer" to justice, far and wide, on the golf courses of America...!

Psst.

Guest said:

ROFL @ the comic....best description of Sony as a whole. Nice thinking there Sony, but I guess that's what you get for FREE online play. Nothing in this time comes for free, always going to pay a price for that term in general....Free.

Darkshadoe Darkshadoe said:

@gwailo247 - I couldn't get your link to work. I don't know if it was the link or the site. I'm guessing you were linking to this:

On December 5, 2008, Simpson was sentenced to a total of 33 years in prison with the possibility of parole in about 9 years. On September 4, 2009, the Nevada Supreme Court denied a request for bail during Simpson's appeal. In October 2010, the Nevada Supreme Court affirmed his convictions. He is now serving his sentence as Nevada Department of Corrections inmate #1027820 at the Lovelock Correctional Center.

gwailo247, TechSpot Chancellor, said:

@gwailo247 - I couldn't get your link to work. I don't know if it was the link or the site. I'm guessing you were linking to this:

On December 5, 2008, Simpson was sentenced to a total of 33 years in prison with the possibility of parole in about 9 years. On September 4, 2009, the Nevada Supreme Court denied a request for bail during Simpson's appeal. In October 2010, the Nevada Supreme Court affirmed his convictions. He is now serving his sentence as Nevada Department of Corrections inmate #1027820 at the Lovelock Correctional Center.

Actually it was a link to OJ's web page in the Nevada penal system:

[link]

Guest said:

this is sony s way of an excuse to finally charge for the use of psn and probably let the hackers in now they can say we need the extra cash to make the psn more sucure!! plus xbox hasloads of hackers last week some guy hijacked my mates sons account and he had to beg to get it back after the guy had bought games and downloaded them charging his sisters card!!! but xbox hasnt switched the xbl off and you have to pay! also for a company like sony youd expect better this my 3rd console that just seem to brake after a year costing me a rm and a leg and at games costing £45 each and people mainly useing the online function youd think it would be fixed sooner basicly sony are poop but there the best at the moment and will have to put up with

Guest said:

Guest

on April 29, 2011

8:27 PM

"Compensation is for people that lost something. What did we lose? The ability to play online for a couple of weeks? I can still play locally and my credit card hasnt been breached in any way. Who exactly is the "class" in this lawsuit? Sony offers me a free service that is currently broken. I guess they can pay me for the down time. What exactly is 14 days worth of free worth these days?"

Is on-line play really free? You pay $300+ USD for a console, $40+ USD for a game plus plus shipping and taxes, pay for internet services, some ppl pay for games by credit card on-line through PSN and even buy game extras like map packs for on-line play. They should be able to do so with peace of mind that Sony will secure that information at their end. A lot more is at stake here than just 14 days of "free play". Identity & credit card information as well as trust in Sony is on the line.

Guest said:

Credit Card info has definitely been compromised. I live in the western US and recently had 3 charges totaling over 500 dollars from 3 locations in Georgia... So much for Sony's encryption of the Credit Card info.

captaincranky captaincranky, TechSpot Addict, said:

@gwailo247 - I couldn't get your link to work. I don't know if it was the link or the site. I'm guessing you were linking to this:

On December 5, 2008, Simpson was sentenced to a total of 33 years in prison with the possibility of parole in about 9 years. On September 4, 2009, the Nevada Supreme Court denied a request for bail during Simpson's appeal. In October 2010, the Nevada Supreme Court affirmed his convictions. He is now serving his sentence as Nevada Department of Corrections inmate #1027820 at the Lovelock Correctional Center.

I forgot about that...:o But, he was searching the golf courses of America. I think he got himself convicted because he wanted to search for the real killer in prison. Come to think of it, some low security federal prisons may have 9 hole golf courses.

(Those sentences should have rightly been a paragraph each, as in reading it back, I've noticed they have nothing to do with each other).

Guest said:

The lawsuit would be justified if Sony did not meet the compliances that Publicly Listed companies that deal with and store credit card numbers

PCI Compliance

If they did any of the following they are liable

-They stored the Credit Card numbers unencrypted in a database

-They stored the Credit Card numbers on a database directly accessible from Internet (only their servers should have access)

-The Application Server hosting public facing PSN web interface also housed database services/data.

gwailo247, TechSpot Chancellor, said:

I forgot about that...:o But, he was searching the golf courses of America. I think he got himself convicted because he wanted to search for the real killer in prison. Come to think of it, some low security federal prisons may have 9 hole golf courses.

(Those sentences should have rightly been a paragraph each, as in reading it back, I've noticed they have nothing to do with each other).

He'll end up stabbing himself in the shower with a sharpened toothbrush.

Guest said:

I had to get a new debit card and I lost several hundred dollars...**** you Sony...just **** you.

Guest said:

Thats what you get for suing individuals........They sue back..**** Sony ..your updates suck and limit everything..Viva Anon

Guest said:

Focusing on the fact that the service is free misses the real problem.

If you understand the cost of identity theft, you understand the point of the lawsuit. See the text of the class action complaint. There was a breach of security, and a "loss of personal and credit card data stored on SONY's servers." Sony had a duty to keep that information secure, which they failed to do.

Finally, by making Sony pay damages, it gives them an incentive to be more careful.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.