The powers-that-be and lawyers have got Sony in their sights and are beginning to squeeze the trigger over the PSN hacking incident.
Last week’s data breach involved some 77 million PSN users, and to say it was a major security lapse would be something of an understatement.
The lawsuits have begun, Gamasutra reports, with a federal class action suit filed against SCEA in a California district court.
The lawsuit, on behalf of Kristopher Johns and other PSN members, levels an accusation of “failure to maintain adequate computer data security of consumer personal data and financial data”.
The suit alleges that Sony has undershot the legal security requirements for the protection of customer data, and has violated the Payment Card Industry Data Security Standard by not protecting customers’ credit card details sufficiently.
Compensation is due, the lawyers reckon, to PSN users for the time and effort they’ve been forced to expend monitoring credit card and bank details, as well as potentially organising replacement cards.
It also notes that compensation is due for not being able to access PSN or Qriocity for the last week.
Sony is also copping flak from governments on both sides of the Altantic. In the UK, the ICO is to start an investigation into what happened, to determine whether any further action or punishment is needed if Sony has been derelict in its security duties.
What has got a lot of people’s proverbial goat is that Sony was so slow to announce the serious nature of the data breach. Indeed, a US Senator, Richard Blumenthal, has written to SCEA’s boss criticising the time taken to notify PSN users of what had happened.
Sony claimed yesterday that experts assessing the security leak didn’t fully understand the scope of the breach until the previous day, whereupon it announced the details. An unlikely sounding story.
Sony is certainly in for a rough ride for the foreseeable. The PlayStation Network isn’t expected to be brought back online until early next week.