There have been hundreds of articles written in the past week on the Sony Playstation Network breaches.  Cynthia Larose, chair of Mintz Levin’s Privacy and Data Security practice, has been quoted in several articles over the weekend, including The Wall Street Journal [registration may be required], Reuters, and The Chicago Tribune.

In The Wall Street Journal, Larose said,

Taken as a whole, the number of customers affected, the PR impact and now the legislative inquiries” rank these data breaches “at the top.”


Written by Kevin McGinty

With the inevitability of death and taxes, data breaches spawn class action lawsuits.  The massive Sony PlayStation Network data breach has now resulted in the filing of a class action in federal court in Massachusetts captioned Thompson v. Sony Computer Entertainment.  The named plaintiff asserts her claims on behalf of a putative class consisting of all persons nationwide “who purchased a Sony PlayStation console and subscribed to the PlayStation Network or Qriocity service, and suffered loss of service and have had personal or financial data stolen or compromised from Defendants’ computer systems.”   (Full disclosure:  I am a potential class member).

 More after the jump.


Continue Reading Let The Litigation Begin – Sony PlayStation Data Breach Class Action Filed in Boston

Written by Julia Siripurapu

Yesterday, in a Customer Service Notification posted on its website, Sony Online Entertainment LLC (“SOE”) based in San Diego, California revealed that its systems were also the subject of a hacking attack. Sony Corporation and Sony Computer Entertainment announced in a press release issued this morning, that based on their ongoing investigations into the incident, the hacking attack of the SOE systems took place on April 16 and 17th and resulted in the unauthorized access to the personal information (name, address, e-mail address, birth date, gender, phone number, login name, and hashed password) of approximately 24.6 million SOE customers as well as approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes) and 10,700 direct debit records (bank account number, customer name, account name, and customer address) of SOE customers in Austria, Germany, Netherlands and Spain from an outdated database from 2007.

Add these records with the totals of last week’s PlayStation Network breach , and the number of Sony customers whose personal information has now been compromised is over 100 million –easily making this one of (if not the largest) data breach in history.

On Capitol Hill, the House Subcommittee on Commerce, Manufacturing, and Trade will hold a hearing tomorrow titled “The Threat of Data Theft to American Consumers” to “examine risks related to data breaches, the state of ongoing investigations, current industry data security practices, and available technology” and representatives from the Federal Trade Commission, U.S. Secret Service, the Center for Democracy and Technology, and Purdue University are expected to testify at the hearing (see hearing Background Memo). While Sony declined to testify at this hearing, it has agreed to submit answers to the Subcommittee’s questions about the PlayStation Network cyber attack by end of business today.


Update on the breach that exposed the information on 77 million users of Sony’s PlayStation Network:

Kevin Poulsen, a writer for Wired Magazine‘s excellent blog, Threat Level, reports that Sony says that credit card numbers potentially stolen in the breach were encrypted.   Poulsen quotes Sony, writing:

All of the data was protected, and access was restricted both physically and through the perimeter and security of the network,” Sony wrote in a blog post.

The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

If you want to keep up with the technical and back-story side of this massive breach, Kevin’s reporting is top-notch.


There are many articles (see links below) being written and blogged today regarding the PSN breach.  The Hill reports this afternoon that Representative Mary Bono Mack (R-CA) has announced a plan to introduce legislation to protect online consumer information.  Bono Mack, as Chairman of the Energy and Commerce Trade Subcommittee, said that they will be investigating the PSN breach.

Further reading

CNET suggests in its article that legal recourse could prove difficult due to language in Sony’s terms of service.

ComputerWorld – Sony breach caused by poor security

ComputerWorld Australia – Privacy Commissioner to begin investigation

Radio New Zealand – New Zealand’s Privacy Commissioner urges PSN users to be vigilant