May 4, 2011
When It Rains, It Pours
Boy oh boy.…I guess it will get worse before it gets better. Where to start? Well everyone knows about the hack and loss of data. Time for the legal stuff. About a week ago a law firm filed a class action lawsuit on Sony… that was only the beginning. Today a Toronto law firm McPhadden Samac Tuovi LLP, filed against Sony Japan, Sony USA, Sony Canada, and “other Sony entities”, saying Sony must pay their client for the “costs of credit monitoring services and fraud insurance coverage for two years”. Oh and here’s the kicker they are suing for the low, low price of one billion dollars. Sounds like the kind of number a comic book villian would ask for ransom of a city. If two lawsuits weren’t enough, Sony had to answer to the U.S. House of Representatives. Sony’s CEO, Kazuo Hirai, submitted six pages worth of answers to the House of Representatives. Here is a little of what was in the letter:
‑Sony has been the victim of a very carefully planned, professional, highly sophisticated criminal cyber attack.
‑They discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
‑By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, they notified customers of those facts.
‑As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
‑Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cyber crime and cyber terrorism.
‑Sony is taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
Most of this was already stated in Sony’s press conference earlier this week. Sony is getting put through the ringer for its failure to keep their data secure. Who knows what else is to come. Probably more lawsuits and legal action. With this snowballing like it is, I can’t wait to tune into Sony’s conference at E3. Can we say giveaways?