We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

PlayStation lawsuit could mean long wait by customers for not much

PlayStation Network customers involved in a class-action lawsuit against Sony could be waiting years for small compensation for damages they suffer as a result of their personal information being stolen during a breach last month, according to the lead attorney in the suit.

Depending on how cooperative Sony is, the case will take a year or longer to reach a settlement, says Ira Rothken, and it's up in the air what damages might be assessed.

Complicating factors are that credit card numbers may or may not have been stolen, and the encryption on them may or may not have been broken. If it turns out they have been sold and used by criminals, claims against the company could rise, Rothken says.

ONGOING RISK: The Sony PlayStation Network breach: An identity-theft bonanza

He is keying in on the fact that Sony says it didn't encrypt passwords, user names, email addresses and other personal information as demonstration that Sony didn't adequately protect the data.

The lawsuit claims Sony had inadequate firewalls, inadequate use of encryption and unauthorized storage of data, violating PCI standards and California law governing security of customer information.

Rothken says his firm is gathering information about the breach and assessing its credibility, but wouldn't discuss its details. He says the most credible information will come during deposition of Sony officials and others who investigate the breach directly.

Sony admits id didn't encrypt some of the data, and that is the basis of some of the charges. The PCI violation charge comes because there has never been a breach in which the victim company was in compliance with PCI, he says.

BACKGROUND: Sony apologizes, details PlayStation Network attack

The consequences for Sony could be costly, Rothken says. If each of the 77 million PlayStation Network customers whose information was stolen gets just $10, that's $770 million out of Sony's pockets, he says.

The class action could be divided into subclasses, for those whose password was stolen or those whose credit card information was stolen, for example. Other subclasses could be those who paid for using PlayStation Network services but have been unable to because the network is down, or those who bought multiplayer games, but can't connect to play with other gamers.

These customers could become victims of what Rothken calls a viral data breach in which the information stolen from PlayStation Network is used to crack into other customer accounts. Many consumers use the same password over and over at different online e-commerce sites, so security of their accounts at those other sites could be jeopardized as well, he says.

Read more about wide area network in Network World's Wide Area Network section.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia