After the PlayStation Hack, a Legal Pile-On Against Sony
It looks like Sony is going to be spending a lot more money on lawyers. After admitting that an attack by an unknown hacker included a breach of customer data of some 77 million people on its PlayStation Network and its Qriocity media store, Sony has been sued in federal court in San Francisco by a plaintiff in Alabama, and it’s hard to say there won’t be more suits like it to follow.
Sony says that the credit card data associated with the accounts was encrypted, though there are anecdotal reports of credit card fraud occurring coincidental with the timing of the breach.
On top of that, regulators in places as varied as Connecticut and the U.K. and Ireland are demanding information, often the first step in investigations that lead to lawsuits. The office of Ireland’s data protection commissioner (cool title) says it wants a full report on the incident by the end of the week. The U.K.’s Information Commissioner’s Office is investigating. Perhaps Sony’s one lucky draw in all this, as Parmy Olson of Forbes notes, is that it won’t have to face the full fury of the European Union because authority for data privacy issues are reserved to individual member countries.
Meanwhile, the attorneys general of several U.S. states are starting to rumble, starting with Connecticut’s George Jepson, who said he is launching an investigation, while his counterparts in Missouri and Iowa are making the kind of public statements that are often a precursor to investigations of their own. A few lawmakers in Congress are tsk-ing disapprovingly too, mulling hearings and new legislation. Below is an appearance on CNBC by Sen. Richard Blumenthal, D-Conn., suggesting that the Department of Justice should launch its own investigation.
Thanks, Senator. However, my guess is that if the systems compromised are in the U.S.–and given the number of PlayStation Network customers there are in the U.S., how can they not be?–then one branch of Justice is already likely involved: The FBI. Hasn’t Sony already disclosed that it’s working with law enforcement? This isn’t exactly the sort of thing for which you call a local police agency.
