Sony Online Entertainment

Everyone loves a good courtroom drama.  So just imagine this pitch: henchmen of an evil dictator hack their way into a movie studio computer system.  Once inside, they steal the most sensitive personal information of the studio’s stars, executives and employees.  Their most intimate secrets, spilled over the Internet.  Who can help these poor souls?  Why, the brave and hard working class action lawyers, that’s who.  Through grit, pluck and lawyerly derring-do, our intrepid heroes soon bring the evil wrongdoers to justice.  Think “The Manchurian Candidate” meets “Erin Brockovitch.”

But real life is rarely like the movies, even when it involves the movies.  Yes, Sony Pictures Entertainment (“SPE”) did suffer a cyberattack that disclosed employees’ personally identifiable information (“PII”).  The data breach was allegedly perpetrated by North Korean hackers in retaliation for SPE’s release of “The Interview,” a satirical comedy depicting an attempt on the life of North Korean dictator Kim Jong-Un.  And class action litigation predictably followed.  But the evil wrongdoers who faced the wrath of class counsel?  Alas, the hackers were inconveniently beyond the reach of our legal system and, thus, unavailable to answer for their crime.  So SPE, the studio victimized by the hack, would have to do. Continue Reading It’s A Wrap! Sony Pictures Data Breach Case Settles Without A Hollywood Ending For The Plaintiff Class

Written by Kevin McGinty

With the inevitability of death and taxes, data breaches spawn class action lawsuits.  The massive Sony PlayStation Network data breach has now resulted in the filing of a class action in federal court in Massachusetts captioned Thompson v. Sony Computer Entertainment.  The named plaintiff asserts her claims on behalf of a putative class consisting of all persons nationwide “who purchased a Sony PlayStation console and subscribed to the PlayStation Network or Qriocity service, and suffered loss of service and have had personal or financial data stolen or compromised from Defendants’ computer systems.”   (Full disclosure:  I am a potential class member).

 More after the jump.


Continue Reading Let The Litigation Begin – Sony PlayStation Data Breach Class Action Filed in Boston

We’ve had the Epsilon breach.   We’ve had Sony Breach One and Sony Breach Two.   Today, Bloomberg News reports on a breach that may be, as one security expert in the article calls it, “the nastiest password hack in history….”  LastPass is reporting that hackers may have broken into its database and stolen info on as many as 1.25 million users.

LastPass is a company whose entire business model is built around safeguarding and simplifying users online passwords.  Users subscribe to the service to create a single sign-on password with advertised “enhanced security features” to access their entire online persona — banking, shopping, or any other secure site requiring a password.  In fact, their slogan is “The Last Password You’ll Ever Need.”    The company has posed a notice on its site telling people “not to panic” but to change their master password.  The servers appear to be overloaded and customer support is tweeting “I assure you, your data is secure…”

Written by Julia Siripurapu

Yesterday, in a Customer Service Notification posted on its website, Sony Online Entertainment LLC (“SOE”) based in San Diego, California revealed that its systems were also the subject of a hacking attack. Sony Corporation and Sony Computer Entertainment announced in a press release issued this morning, that based on their ongoing investigations into the incident, the hacking attack of the SOE systems took place on April 16 and 17th and resulted in the unauthorized access to the personal information (name, address, e-mail address, birth date, gender, phone number, login name, and hashed password) of approximately 24.6 million SOE customers as well as approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes) and 10,700 direct debit records (bank account number, customer name, account name, and customer address) of SOE customers in Austria, Germany, Netherlands and Spain from an outdated database from 2007.

Add these records with the totals of last week’s PlayStation Network breach , and the number of Sony customers whose personal information has now been compromised is over 100 million –easily making this one of (if not the largest) data breach in history.

On Capitol Hill, the House Subcommittee on Commerce, Manufacturing, and Trade will hold a hearing tomorrow titled “The Threat of Data Theft to American Consumers” to “examine risks related to data breaches, the state of ongoing investigations, current industry data security practices, and available technology” and representatives from the Federal Trade Commission, U.S. Secret Service, the Center for Democracy and Technology, and Purdue University are expected to testify at the hearing (see hearing Background Memo). While Sony declined to testify at this hearing, it has agreed to submit answers to the Subcommittee’s questions about the PlayStation Network cyber attack by end of business today.