After acknowledging that personal information stored on Sony’s online gaming service was compromised, many gamers became irritated by the company’s lack of communication with its user base. It comes as no surprise that one gamer took that anger to the courts, and thus the inevitable onslaught of legal debate has begun. What can Sony do to regain the trust of the 77 million customers now vulnerable to identity fraud?
A few weeks ago, Sony’s Director of Communications stated that an illegal intrusion in their system compromised the personal information of its users. At the time, representatives were unwilling to say how much of the data was stolen. Since then, we have learned that hackers attained every user’s name, birthday, billing address, billing history, online pseudonym, and password. It is unknown at this time whether or not the malicious thieves were able to snag credit card information. According to a recent press release, approximately twelve percent of Sony’s 80 million customers have active credit cards on file
Within days, Kristopher Johns, a resident of Alabama, filed a lawsuit in a US District Court accusing Sony of “negligence in data security” and an inability to provide “reasonable care to protect, encrypt, and secure the private and sensitive data of its users.” He also stated that the company took too long to notify its consumers that their data may have been compromised.
In an interview with IGN, J.R. Parker, a co-counsel in the case, had the following to say regarding his client’s suit:
Sony’s breach of its customers’ trust is staggering. Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn’t.
Patrick Seybold, the aforementioned Director of Communications, attempted to pacify customers by answering a few questions on Playstation.Blog. He described the company’s compliance with law enforcement agencies in bringing those responsible to justice in saying:
We are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.
Seybold noted the fact that credit card data was encrypted on a separate server, meaning that it is unlikely that information was taken. Additionally, he made a point of saying that credit card security codes were not taken because Sony has never collected that information. However, he emphasized that Sony does not know whether or not credit card data was taken in the attack and will not know until data specialists analyze the situation. He kept an air of ambiguity throughout his sentiments, warning consumers to stay vigilant and contact their credit card suppliers if they noticed suspicious activity.
During a press conference in Tokyo that was held over the weekend, Sony executives directly addressed the media regarding the issue for the first time, announcing plans to reward users for lost online time. Detailed by representatives, the program gives all existing PlayStation Network users thirty days of free access to PlayStation Plus, Sony’s premium subscription service. Those who have already subscribed to the service will be granted an additional thirty days of membership free at no additional charge because of their loyalty to the service. Kazuo Hirai issued an official apology at the event:
This criminal act against our network had a significant impact not only on our consumers, but our entire industry. These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers’ information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks. Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services.
Unfortunately, the vast majority of users are misinterpreting Sony’s intentions with its “Welcome Back” program. While many believe that this is a form of settlement for data loss, Sony is solely apologizing for lost time. It’s a gift, one that PSN users should be grateful for, but it is not meant to replace the lawsuits that have already started. Data loss by hacking is an expensive game, and Sony is well-aware of that fact.
According to a March report on the security of Internet assets, a litigation consulting firm that wished to remain anonymous described the enormous financial impact that an unauthorized hack can have on a company. On average, it costs companies about $34 million to patch their servers and settle with their customers. Sony’s case, however, is an extreme case. The company is set to lose billions, a blow that will ultimately cripple its financial assets. Sony’s stock has already dropped more than ten percent, and it will not go up anytime in the immediate future.
If one were to look at the information provided on the report, one would find that Sony will lose approximately $24 billion to cover the total costs of dealing with the loss of personal customer data. That would translate to about $318 for every active PlayStation user.
As a devout PlayStation user, I have found Sony’s response to be exceptional. In an age where miscommunication affects reputation, it is easy to say that Sony’s reputation will not be tarnished in the long run. While their reputation and clout may remain intact, the fiscal stability of the company is now questionable, as lawsuits will plague the entertainment conglomerate for years to come.
What do you, fellow gamers, believe? Should Sony be forced to hand out massive amounts of money to its devout user base? Would free PlayStation Plus privileges for a short period of time be enough? Sound off in the comments below.