PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!

Home PS4 News - Latest PlayStation 4 and PS3 News

213w ago - Update #2: MCST.ca has reported that Canadian Natasha Maksimovic has also filed suit (PDF) against Sony via McPhadden Samac Tuovi LLP for the recent PSN security breach.

Update: MSNBC now reports that Sony's database may already be on sale in an online bazaar, stating that that low-level cybercriminals using "carder" online forums were offering to sell a database of 2.2 million credit-card numbers taken during the PlayStation Network breach.

As a result of yesterday's confirmation from Sony that PSN account information has been compromised, today class action lawsuits are forming against the corporation despite a T&C disagreement that states Sony is not liable for loss of data.

To quote: "We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network," the terms state.

According to the documentation, the first of many defendants is Kristopher Johns, 36, of Birmingham, Alabama.

To quote from CNET: "Sony sued for PlayStation Network data breach

Like clockwork, the first lawsuit resulting from the security breach of the personal data of more than 75 million Sony PlayStation Network customers has been filed.

The suit was filed today on behalf of Kristopher Johns, 36, of Birmingham, Ala., in the U.S. District Court for the Northern District of California. Johns accuses Sony of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."

He also believes Sony took too long to notify him and other customers that their personal information had been exposed. Because of that, the complaint alleges, Sony did not allow its customers "to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions."

The lawsuit is asking for monetary compensation and free credit card monitoring, and is seeking class action status.

Yesterday, Sony warned customers of its PlayStation Network and Qriocity service that their personal information--including customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and user names, as well as online user handles--was obtained illegally by an "unauthorized person" between April 17 and 19. The company says there is "no evidence" that credit card information was compromised, but it can't be sure yet.

In the aftermath of the breach Sony has temporarily turned off PlayStation Network and Qriocity, contracted with an outside security firm to investigate the intrusion on its network, and started to rebuild its system and security.

Johns' complaint echoes the concerns of Sen. Richard Blumenthal, a Connecticut Democrat. Blumenthal yesterday wrote a letter to Jack Tretton, president and chief executive of Sony Computer Entertainment America, saying he was troubled that the company had not notified customers sooner about the breach. He also called for Sony to provide affected customers with financial data security services, including free access to credit reporting services for two years to protect against identity theft."

Also from IGN, to quote: "Sony Sued for PSN Security Breach - Class action lawsuit filed this morning against SCEA.

A class action lawsuit was filed against Sony a day after the company publicly admitted that personal information from PlayStation Network was compromised by a security breach. The lawsuit was filed by the Rothken Law Firm today in a California court and alleges Sony "failed to take reasonable care to protect, encrypt, and secure the private and sensitive data."

Yesterday, Sony said it believes an unauthorized person obtained PSN user information, including members' names, addresses, birthdays, and login passwords. The company said there was no evidence that credit card information was stolen, but did not rule out that possibility.

"We brought this lawsuit on behalf of consumers to learn the full extent of Sony PlayStation Network data security practices and the data loss and to seek a remedy for consumers. We are hopeful that Sony will take this opportunity to learn from the network vulnerabilities, provide a remedy to consumers who entrusted their sensitive data to Sony, and lead the way in data security best practices going forward," said Ira P. Rothken an attorney who filed the class action complaint.

"Sony's breach of its customers' trust is staggering. Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn't," commented J.R. Parker, co-counsel in the case.

The lawsuit seeks monetary compensation for the data loss and "loss of use of the Sony PlayStation Network, credit monitoring, and other relief according to proof."





Sony Sued Over PSN Security Issues, PSN Terms Exclude Liability

Sony Sued Over PSN Security Issues, PSN Terms Exclude Liability

Sony Sued Over PSN Security Issues, PSN Terms Exclude Liability

Follow us on Twitter, Facebook and drop by the PS3 Hacks and PS3 CFW forums for the latest PlayStation 3 scene and PS4 Hacks & JailBreak updates with PlayStation 4 homebrew PS4 Downloads.




#261 - elser1 - 212w ago
elser1's Avatar
LOL Barry.. stupid me used real stuff and hasn't gotten 1 email at all.. slack prix.. oh well if psn is up by sun i'll play again.. if not goodbye sony, monday i'm buying 360!!

#260 - barrybarryk - 212w ago
barrybarryk's Avatar
I just got a SOE email too, ppft kind of makes me glad all my details are false given they've now lost them twice.

#259 - elser1 - 212w ago
elser1's Avatar
interesting.. can anyone find such thing for australians to join? pm me with details if possible.. thanks

michael

#258 - PS4 News - 212w ago
PS4 News's Avatar
Yep, here is another follow-up to our previous article. To quote: http://www.mcst.ca/ClassActions/ClassActionsHome/SonyPSN/
McPhadden Samac Tuovi LLP has commenced a class action against Sony Corporation and other Sony companies related to the theft from Sony of personal information of PlayStation network and Qriocity service users. The theft may also include user credit card information.

The action has been brought on behalf of all persons in Canada who used Sony's online PlayStation network or Qriocity services up to May 2, 2011, and who provided Sony with personal and/or credit or debit card information.

Additional information about the lawsuit may be found in the firm’s media release, which can be found on this website.

If you would like information about this lawsuit, please contact us directly.

Toronto – May 2, 2011
For Immediate Release
Canadian Sony PlayStation Network Class Action

Sony has announced that personal information for 77 million PlayStation and Qriocity users worldwide, 1 million of which are in Canada, has been hacked. It has been alleged that Sony was aware that such information had been stolen but failed to advise users of PlayStation and Quriocity in a timely fashion.

Sony has acknowledged that stolen information may include users’ names, addresses (city, province, postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID and user profile data, including purchase and usage history and billing address (city, province, postal code), and the subscriber’s PlayStation Network/Qriocity password security answers. The same data with respect to a dependent may also have been obtained.

Sony is not able to say whether user credit card or debit card information was also taken. Sony has acknowledged and apologized for breach. To date, the only compensation Sony has offered is 30 or 60 day free memberships on its PlayStation network. While Sony has advised American users about the availability of free credit reports, it has yet to advice Canadian users about credit reports.

The Toronto law firm McPhadden Samac Tuovi LLP has commenced a proposed class action against Sony Japan, Sony USA, Sony Canada and other Sony entities (“Sony” for the breach of privacy. The lawsuit claims damages in excess of $1 billion, which includes having Sony pay the costs of credit monitoring services and fraud insurance coverage for two years.

The plaintiff in the action is 21 year old Mississauga resident who has been an avid PlayStation user for years. Natasha Maksimovic said: “If you can’t trust a huge multi-national corporation like Sony to protect your private information, who can you trust. It appears to me that Sony focuses more on protecting its games than its PlayStation users.”

#257 - oldschool400 - 212w ago
oldschool400's Avatar
I came across this article: http://www.thestar.com/news/article/984932--proposed-class-action-suit-filed-against-sony?bn=1

#256 - leukotic - 212w ago
leukotic's Avatar
So apparently the breach in SOE happened the same time as the PSN breach, however they are only figuring this out now? Sounds like they would have never found out if the PSN breach didn't happen, because they wouldn't have done the investigation into SOE as a precaution.

Either it was a really good hack or their systems are incredibly sub-par (perhaps both).

#255 - PS4 News - 212w ago
PS4 News's Avatar
Here is today's SOE Press Release, doesn't seem like much new from yesterday's initial one though: http://blog.eu.playstation.com/2011/05/03/sony-online-entertainment-issues-security-press-release/
Some of you may have heard today about an announcement from Sony Online Entertainment confirming that they were also victims of a malicious hack. As this could affect those of you with SOE accounts, they have asked us to post their press release on the blog, which should answer some of your questions.

Sony Online Entertainment Announces Theft of Data from Its Systems

Breach believed to stem from initial criminal hack of SOE. Tokyo, May 3, 2011

- Sony Corporation and Sony Computer Entertainment announced today that their ongoing investigation of illegal intrusions into Sony Online Entertainment LLC (SOE, the company) systems revealed yesterday morning (May 2, Tokyo time) that hackers may have stolen SOE customer information on April 16th and 17th, 2011 (PDT). SOE is based in San Diego, California, U.S.A.

This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.

With the current outage of the PlayStation® Network and Qriocity™ services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks.

On May 1, Sony apologized to its customers for the inconvenience caused by its network services outages. The company is working with the FBI and continuing its own full investigation while working to restore all services.

Sony is making this disclosure as quickly as possible after the discovery of the theft, and the company has posted information on its website and will send e-mails to all consumers whose data may have been stolen.

The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:

• name
• address
• e-mail address
• birthdate
• gender
• phone number
• login name
• hashed password.

In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:

• bank account number
• customer name
• account name
• customer address.

SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a "make good" plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.

Additionally, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.

Sony Online Entertainment LLC (SOE) has been a recognized worldwide leader in massively multiplayer online games since 1999. Best known for its blockbuster hits and franchises, including EverQuest®, EverQuest® II, Champions of Norrath®, PlanetSide®, Free Realms®, Clone Wars Adventures™, and DC Universe Online™, SOE creates, develops and provides compelling online entertainment for virtually all platforms, including the PlayStation®3 Computer Entertainment System, Personal Computer, mobile and social networks. SOE is building on its proven legacy and pioneering the future of the interactive entertainment space through creative development and inspired gameplay design for audiences of all ages. To learn more, visit www.soe.com.

For more information and update about the SOE services, please visit www.soe.com/securityupdate.

#254 - elser1 - 212w ago
elser1's Avatar
maybe it was the CIA who hacked into psn to get bin ladens address in order to kill him... LOL

#253 - geowrian - 212w ago
geowrian's Avatar
Maybe this attack is due to CFW and piracy, too? Good job, Sony. I'm curious to see if this breech was done by the same person/people. If not, Sony is screwed - that would indicate a huge, systematic problem, not just some hackers getting into a system. That happens all the time...Sony's just a large player. Multiple exploits across multiple systems by multiple people indicates a major failure in design, both in the application and infrastructure layers.

If it was the same group, that's still not saying much that they were able to break in and get info without being noticed, then break in elsewhere a little later and get even more info. That's still gross incompetence.

#252 - GrandpaHomer - 212w ago
GrandpaHomer's Avatar
Quote Originally Posted by leukotic View Post
So what else does Sony have that can be breached to lose millions more accounts?


What about their eBook store ... ?