Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

TJX Data Breach May Take Back Seat to Sony PlayStation Network Breach

Posted in Uncategorized

Written by Julia Siripurapu

Sony Corp. has acknowledged on its PlayStation website that between April 17 and April 19, its PlayStation and Qriocity networks were the subject of a hacking attack. As a result of this attack, the personal information, including name, address, email address, birth date, passwords, security question answers, and credit card data, of Sony’s PlayStation Network and Qriocity networked game services estimated 77 million users is believed to have been compromised, making this the largest data breach to date.

Sony’s delay in confirming the attack and notifying users of the data breach has been widely criticized by the user base and the media. In fact, the first class action against Sony was filed yesterday in the U.S. District Court for the Northern District of California in San Francisco on behalf of user Kristopher Johns on grounds of breach of warranty, negligent data security, violations of consumers’ rights of privacy, failure to protect those rights, and failure and on-going refusal to timely inform consumers of unauthorized third party access to their credit card account and other nonpublic and private financial information.

The incident, characterized as a “catastrophic failure” by the New York Times , has also received attention from legislators. On Tuesday, Sen. Richard Blumenthal (D-Conn), in a letter to Sony , questioned the company’s delay of nearly a week to notify users about the attack and the breach of their personal information. Given the recent rise in data breaches and Congress’ focus on privacy legislation it is very likely that this incident is also already on the radar of other legislators, the Federal Trade Commission and state attorney generals.

Sony is not only under the microscope from U.S. legislators and regulators, the UK’s Information Commissioner’s Office told DataGuidance today that it has contacted Sony and will be making further enquiries to establish the precise nature of the [data breach] before decided what action, if any, needs to be taken.

Stay tuned for updates!