Earlier this week, Sony revealed the depth and scope of the data breach that has led to its continued shutdown of PlayStation Network (PSN): More than 70 million users may have had their personal information compromised, including name, address, birthdate, login, password, profile purchase history, billing address, and security questions and answers.
Now, the first lawsuit over the PSN data breach has been filed. 36-year-old Kristopher Johns of Birmingham, Alabama filed suit in the U.S. District Court for the Northern District of California, accusing Sony of failing to take “reasonable care to protect, encrypt, and secure the private and sensitive data of its users.” Sony was so slow in its response to the breach, Johns said, that customers did not have time to “make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions.” Johns is seeking class action status for the suit, meaning that if it moves forward in court, other PSN users with compromised data could join the suit to seek compensation from Sony.
While Sony says that its evidence points to user credit card information having remained secure thus far, it did not rule out the possibility that credit card numbers and expiration dates had been stolen en masse. There are some anecdotal reports floating around the Internet to the effect that a number of PSN users were the victims of credit card fraud this past week.
More lawsuits over the PSN breach are almost certainly expected, and according to privacy experts, this could all potentially cost Sony big:
One expert, Larry Ponemon of privacy and information security research group the Ponemon Institute, said that the total cost to Sony could be $1.5billion (£900million) – from a combination of lost business, compensation, and the cost of rectifying the breach. Other figures being thrown around are even larger, rising as high as $24billion, as estimated by business magazine Forbes.
Published: Apr 28, 2011 09:08 am