Litigation floodgates breached as US man starts legal action over PSN hacking
A US man has filed a lawsuit against Sony following the PSN hacker attack and user data leak that has seen the service shut down for over a week.
As noted by Cnet, Kristopher Johns, 36, from Birmingham, Alabama, filed the suit yesterday in the US District Court for the Northern District of California. In it Sony are accused of not taking “reasonable care to protect, encrypt, and secure the private and sensitive data of its users”.
Other areas of the suit claim that Sony did not explain the severity of the security breach – which has user information of all 77m PSN users exposed to hackers – to its customers for an unacceptably long period of time. This meant that Johns and other users were not allowed “to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions”.
The lawsuit, which is seeking class action status, asks for financial compensation and free credit card monitoring for Johns.
The action could mark the beginning of a difficult legal period for Sony, which is already facing investigation by the ICO in the UK over user information protection.
Advertisement
April 28th was on FRIDAY!!
This is just ridiculous, really have nothing better to do, ooooh i cant play my ps3 online oh no, oh no, i hate my life.
A time waster. The guy is suing for what exactly?
Certainly he has lost nothing other than access temporarily to a free service.
I'm sure Sony has taken all
"reasonable" precautions etc, but won't have taken unreasonable precautions such as requiring users to hand deliver cash to their headquarters when making purchases. It's the only way to be sure, except for hiring body guards for you to ensure you're not mugged on the way.
This is completely out of order unless he can put hand on heart and say he takes all the necessary precautions with the protection of his own data, such as;
Erasing his mobile phone data (on replacement) and then physically destroys them afterwards because the option to shred the memory with random bits isn't available and could be retrieved if disposed of with a mobile phone recycling company.
He digital shreds of all PC storage devices(hard drives, memory sticks, usb drives) after use with multipasses of random 1's & 0's, and also physically destroys any backup Cds/DVDs, or stores them in a security safe.
Doesn't use unencrypted transport mechanisms (such as old POP/SMTP for email that can be packet snooped), and ensures all passwords are different on each website used and ensures they are strong passwords(mix of upper & lower case letters and numbers of 8 characters or more not representing dictionary words).
Doesn't write passwords down or print them out, or if he does then he stores them in a secure safe.
Without taking all(or most of) these measures personally it smacks of hypocrisy
Actually it's completely in order. As an individual you largely only have responsability for yourself. Once you take on a role in the community your responsability burden is increased as you make implicit and explicity decisions for others.
Also with your laundry list of 'unlikely' security measures; I think you'll find that many people make that commitment to their own security and more. Perhaps you should be looking at yourself and asking why you don't?
I do use those secure precautions and a few more, but I think you are overestimating the normal PSN user's precautions taken to make this a valid class action lawsuit.
When many close friends of mine (who still work) in network management regularly tell me that my own domestic precautions are overkill, it is fairly logical to believe that PSN “joe public”; being represented in this class action are doing enough for their own personal security, or anywhere close to the PSN security infrastructure.
We've been told the info was three domain firewalls deep, credit card info was securely encrypted, passwords were hashed(but not considered latest secure hashing). So it hardly sounds like company negligence to warrant financial losses; more like unlucky victim of hacking.
Names, addresses, etc are all available from the electoral register anyway, so what has meaningfully been lost through negligence to warrant compensation?
this is ridiculous
hurry up and bring it back on already
I don't have a PS3 but good on the guy, Sony deserved to understand that they need to make the protection of user data a top priority. They have already confessed they knew of the flaw in their systems prior to the hack which is unacceptable.
