Gamers wonder why Sony took so long to reveal hack
Published Wednesday, April 27, 2011 10:48PM EDT
The first lawsuit against Sony Corp. over the security breach of its Sony PlayStation gaming network a week ago, which resulted in the theft of about 77 million consumers' data, has been filed.
Sony said Tuesday that the names, addresses, birth dates and other personal data of all the network's customers were stolen last week, in one of the largest data hacks in history.
The company said while there was no evidence yet that credit card data was also stolen, but they "cannot rule out the possibility."
The suit was filed on behalf of Kristopher Johns, 36, in the U.S. District Court for the Northern District.
The lawsuit accuses Sony of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."
Johns, like many other gamers, says Sony took too long to notify him that his information had been exposed.
The lawsuit is seeking class action status and is asking for monetary compensation and free credit card monitoring.
In Canada, Privacy Commissioner Jennifer Stoddart is also looking into the matter.
Though the company pulled the plug on the network on April 20, soon after discovering the breach, it took six days before the public was informed about the stolen data. The delay has left many loyal users furious, with many unleashing their anger on the PlayStation Network blog.
"The fact that you've waited this long to divulge this information to your customers is deplorable. Shame on you," read one message on the blog from a user under the name Korbei83.
"You really should have told us this last week. This is completely unacceptable," wrote another user, VisionaryLight
"You guys are seriously dropping the ball here. You wait a week to finally say something legitimate and it might be something that can ruin the lot of us financially," added VixDiesel.
Sony communications director Patrick Seybold explained in a long post that the company didn't understand the scope of the problem at first.
"There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised," Seybold posted in the PlayStation Network blog.
"We learned there was an intrusion April 19th and subsequently shut the services down." After several days of forensic analysis, he said, "it took our experts until (Monday) to understand the scope of the breach. We announced it publicly (Tuesday) afternoon."
But for users of the service, who number over 1 million in Canada alone, the worry now is that the hacker or team of hackers have their credit card information.
Sony says users should place fraud alerts on their credit cards. But many users are wondering whether to just cancel their credit card outright. Well-known Internet security blogger Graham Cluley thinks that's an excellent idea.
"If you're a user of Sony's PlayStation Network, now isn't the time to sit back on your sofa and do nothing. You need to act now to minimise the chances that your identity and bank account becomes a casualty following this hack," Cluley wrote Wednesday on his Sophos.com site.
"If I lost my credit card in the back of a taxi, I would cancel my card. If Sony has lost your credit card details, then it's worse."
He also suggested that if a friend had taken his credit card and lost it, he'd certainly cancel the card. He'd also dump the friend.
The PlayStation Network has been down for a full week now. The shutdown has prevented owners of Sony's video game console from playing with rivals over the Internet and from buying and downloading games.
The company says it plans to rebuild the entire network to make it more secure. It says it could be back up this week.
David Skillicorn, a computer security expert with the School of Computing at Queen's University in Kingston, Ont. says this attack is sure to damage Sony's image for a while.
"Sony does come off as looking really bad as a result of this intrusion," he told CTV News Channel Wednesday. "But they're by no means alone. Most large companies don't do a very good job of keeping their information secure."
Skillicorn added that the company will likely have a long way to go to try to restore trust with its base clients.
"I think people will be wary of situation like this for a long time," he said.