Slashdot Mirror


Sony Sued For PlayStation Network Data Breach

suraj.sun writes "Like clockwork, the first lawsuit resulting from the security breach of the personal data of more than 75 million Sony PlayStation Network customers has been filed. The suit was filed today on behalf of Kristopher Johns, 36, of Birmingham, Ala., in the US District Court for the Northern District of California. Johns accuses Sony of not taking 'reasonable care to protect, encrypt, and secure the private and sensitive data of its users.' He also believes Sony took too long to notify him and other customers that their personal information had been exposed. Because of that, the complaint alleges, Sony did not allow its customers 'to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions.'"

4 of 404 comments

  1. Here's to sinking Sony's battleship by cultiv8 · Score: 5, Informative

    46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4

    --
    sysadmins and parents of newborns get the same amount of sleep.
  2. Re:not taking reasonable care by mysidia · Score: 5, Informative

    I'm not sure I buy that first part, given that no online service is ever going to be 100% secure.

    Reasonable care would imply robustly isolating transaction processing systems and user-accessible systems from systems that store primary account numbers such as credit card/bank account numbers, keeping those away from online/public access systems such as the internet or the PlayStation Network.

    Reasonable care would include complying with PCI requirements relating to auditing, security practices, separation of computer systems by role, and enforcing strong, unique access credentials for users and systems.

    So that a compromise of the publicly accessible network cannot lead to compromise of the account numbers.

    This is highly doable. The only commands/services the PSN/publicly accessible servers need from account servers are a command to "add a new account number" to the database linked to a certain customer, a command to "erase an account number", a command to list a privacy-filtered summary to display a 'delete' user interface, and a command to "authorize/charge a transaction to account number" (without revealing what the number actually is to the transaction processing server).
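    The narrow four-command vault interface the comment describes, as an added illustration in Python (not Sony's design or code from anyone on this thread): the `AccountVault` class, its method names, the random token handles and the `luhn_ok` check are all assumptions chosen for the example; the front-end tier only ever receives tokens, last-four digits and an authorization reference, never a full primary account number.

    ```python
    # Constructed example of an isolated account-number tier with a deliberately narrow interface.
    import secrets
    from dataclasses import dataclass, field


    def luhn_ok(digits: str) -> bool:
        # Card-number checksum; catches typos, nothing more.
        total = 0
        for i, ch in enumerate(reversed(digits)):
            d = int(ch)
            if i % 2 == 1:
                d = d * 2 - 9 if d > 4 else d * 2
            total += d
        return total % 10 == 0


    @dataclass
    class AccountVault:
        """Tier holding PANs. Only four commands exist and none returns a full PAN."""
        _pans: dict = field(default_factory=dict)          # token -> (customer_id, pan)
        _by_customer: dict = field(default_factory=dict)   # customer_id -> [token]

        def add_account(self, customer_id: str, pan: str) -> str:
            if not pan.isdigit() or not 12 <= len(pan) <= 19 or not luhn_ok(pan):
                raise ValueError("invalid account number")
            token = secrets.token_hex(16)  # random handle, not derived from the PAN
            self._pans[token] = (customer_id, pan)
            self._by_customer.setdefault(customer_id, []).append(token)
            return token

        def list_summary(self, customer_id: str) -> list:
            """Privacy-filtered view for a 'delete' screen: token plus last four digits."""
            return [{"token": t, "last4": self._pans[t][1][-4:]}
                    for t in self._by_customer.get(customer_id, [])]

        def erase_account(self, customer_id: str, token: str) -> bool:
            owner, _ = self._pans.get(token, (None, None))
            if owner != customer_id:  # a token must belong to the calling customer
                return False
            del self._pans[token]
            self._by_customer[customer_id].remove(token)
            return True

        def charge(self, customer_id: str, token: str, cents: int) -> dict:
            """Authorize against the stored PAN; the reply never carries the PAN."""
            owner, pan = self._pans.get(token, (None, None))
            if owner != customer_id or cents <= 0:
                return {"approved": False}
            # Stand-in for the call out to a payment processor.
            return {"approved": True, "auth_ref": secrets.token_hex(8), "last4": pan[-4:]}
    ```

    A compromised front end that holds only tokens can still trigger charges on the customer's own account, so the vault's value is limiting what is exposed, not removing the need to secure the public tier.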

  3. Re:Class Action by fermat1313 · Score: 5, Informative

    Wow, I don't think you actually read that document. That opinion had absolutely nothing to do with Products or Services, and it doesn't disable class status for lawsuits. It states that an arbitration agreement that disallows class arbitration is allowable. Basically, if you sign away your right to arbitration by class action, that is valid, and you can't later invoke class-wide arbitration.

    Lots of misinformation around here sometimes.

  4. Re:Check your EULA... you probably can't sue by PRMan · Score: 5, Informative

    Techdirt just found that 96% of awards in business vs consumer arbitration go to the business. Still stand by your statement?

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...