Sony Sued Over Playstation Network Breach
"Like clockwork," Sony has been sued over its Playstation network breach that affected over 75 million of its customers. The class action suit was filed in the Northern District of California, and alleges that Sony did not use "reasonable care to protect, encrypt, and secure the private and sensitive data of its users." The complaint also alleges that Sony did not timely inform its customers of the breach.
On April 26, Sony informed its Playstation Network and Qriocity customers that their personal information, including names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and user names, as well as online user handles, was obtained illegally by an "unauthorized person" between April 17-19. Although Sony states that there is no evidence that credit card information was obtained, it has not ruled out that possibility.
In response to the breach, Sony has temporarily turned off PlayStation Network and Qriocity, its subscription music service, contracted with an outside security firm to investigate the intrusion on its network, and started to rebuild its system and security.
Sony's breach has drawn the attention of lawmakers. Sen. Richard Blumenstein (D-CT) sent a letter on April 26 to the CEO of Sony to express that he was "troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections." Rep. Mary Bono Mack (R-CA) has also announced that a result of the breach, she intends to introduce a data protection bill. The breach has attracted international scrutiny as well, with both the Privacy Commissioner of Canada and the UK's data protection authority announcing investigations of the breach.