Credit Card Breach May Cost Sony $24 Billion

[Sarah LeBoeuf]

Credit Card Breach May Cost Sony $24 Billion

Financial analysts have estimated that Sony's possible loss of account information may cost the company billions of dollars in damages.

Sony is not certain that personal credit card information was stolen but admitted such theft was a possibility, but even that may cost the company. The Ponemon Institute, a research firm that studied previous credit card hacks, estimated last year that data breaches involving a nefarious attack - which Sony admitted is the case here - cost an average of $318 per compromised record. With Sony's PlayStation Network consisting of 77 million user-created accounts, it may possibly cost $24.5 billion for the company to clean up the mess. In addition, Sony may suffer penalties from governments across the globe for failing to protect consumers' personal information, including a £500,000 fine from the U.K.

"Simply put, [the attack on Sony is] one of the worst breaches we've seen in several years," said Josh Shaul from a company called Application Security that specializes in protecting databases like the one over which Sony lost control. Shaul believes that just the fact that Sony announced the loss of credit card information should cause some alarm.

"They indicated that they're worried about it, which is probably a very strong indication that everything was stolen," he said.

According to United Kingdom's Data Protection Act, all companies that store personal information are required to keep it secret, keep it safe. A representative from the Information Commissioners Office said that even though Sony's EULA attempts to cover them from that responsibility by stating, "We exclude all liability for loss of data or unauthorized access to your data," such a "contract" might not hold up. It depends on whether the data was physically stored within the borders of the United Kingdom and how fast Sony is able to clean up its act.

"If the company is not compliant with the act within a certain time limit, further action would be taken and we might consider an enforcement notice or issue a monetary penalty," the rep said. "For serious breaches of the act, we can issue a monetary penalty up to £500,000."

Another legal expert, Jas Purewal from the GamerLaw blog in the UK, said that all of this is only possible if actual criminal acts can be proved to occur as a result of the breach. "However, it is important to remember that there is no evidence of such misuse of personal data at present. If an account compromise does not actually lead to misuse of such data, then any legal claim would be more difficult."

Now, to be honest, I don't really think that Sony is going to be $24 billion in the hole due to this breach, but it will certainly have an impact on both the future of its PlayStation Network and the viability of such a pervasive gaming network. Xbox Live and Steam might be unaffected now, but this attack on the PSN proves that such networks are vulnerable.

Also, what's been lost in this whole mess is how the attack affects the little guys. The independent developers who sell their games exclusively from PSN haven't made a dime in the last week, and probably won't for a good long time as consumer confidence in the PSN will take a long time to return. Unless Sony bails them out, the devs behind games like Pixel Junk Shooter and Mod Nation Racers are screwed, and I think that's the real tragedy here.

Source: Forbes [http://www.next-gen.biz/news/sony-tcs-claim-no-liability-for-data-loss]

Permalink

 

[rembrandtqeinstein]

"According to United Kingdom's Data Protection Act, all companies that store personal information are required to keep it secret, keep it safe."

 

[Melon Hunter]

Ultimately, it's probably going to cost them more than this, when you factor in the huge loss of consumer confidence in their brand. I reckon a lot of people will think twice about getting a PS3 or an NGP (when it comes out) after this.

 

[Celtic_Kerr]

With Sony's PlayStation Network consisting of 77 million user-created accounts, it may possibly cost $24.5 for the company to clean up the mess.

Might wanna add the billion after $24.5

 

[Harbinger_]

Honestly the "fact" that there hasn't been a recorded misuse of customer's data yet by the instigators of this incident doesn't matter in my opinion. The threat alone is enough to cause stress, fear and alot of panicking from those affected.

 

[robert022614]

"it may possibly cost $24.5 for the company to clean up the mess."

Wow Sony must have some hard core insurance with a co payment that low lol.

 

[Booze Zombie]

I've never participated in a console war in my life, but I am very glad at this particular moment in time to not be a Sony customer.

Anyone who is, you have my sincest sympathies and I hope nothing bad happens to you.

 

[Frizzle]

In my own little mind, I like to think that the people who did this, only did it to teach people a lesson about security. Maybe they stole all that stuff, and then deleted it so they don't have it anymore. Kind of like the people who called out the CEO of sprint about the privacy of their customer's information.

 

[Shadie777]

These hackers that caused this are monumentous dicks. This has not only affected innocent sony employees but game developers and every fucking person on psn. I think I speak for (almost) everyone when I say, "Fuck you hackers". This obviously does not apply to the hackers which aren't cunts.

 

[beema]

Ultimately, it's probably going to cost them more than this, when you factor in the huge loss of consumer confidence in their brand. I reckon a lot of people will think twice about getting a PS3 or an NGP (when it comes out) after this.

I'm not sure about that. Yes, lots of people are saying that right now, but our collective society is very quick to forget things that aren't blasting them in the face. As soon as this stops making headlines, I'm betting that most people completely forget about it and move on. Especially in this gaming culture where everyone HAS to have the newest thing all the time. Seems like every week there's some new "outrage" going around in the gaming community with people swearing up and down that they will never give another cent to a company, and then a few days later they are buying the next game anyways.
Add to that all the people who are completely clueless about video game industry news and developments.

Obviously this is a much more grievous offense than most previous issues that have brought out protests (portal 2 dlc, ea online pass, ubisoft drm, etc), so I hope that you are right -- Sony SHOULD feel an impact from this.

Personally I have already cancelled my credit card and changed whatever passwords I can. I'm hoping I don't have any recurring bills that try to bill my credit card before my new one arrives, but other than that I doubt I will be financially affected by this in any way (fingers crossed). Still, what happened feels very wrong and angers me.

 

[Owlslayer]

Oh my. My mind can't even comprehend how much money that is. Though i seriously doubt it'll cost that much... Well, i hope, at least.

Either way, there seems to be difficult days coming up for Sony, not to speak of all the little guys, as the article pointed out. Hopefully they can come trough of this crapstorm.

 

[JDKJ]

Financial analysts have estimated that Sony's possible loss of account information may cost the company billions of dollars in damages.

I read this article three times and can't find not one financial analyst.

The Ponemon Institute conducts independent research on privacy, data protection and information security policy. Application Security provides comprehensive solutions for database security, monitoring, database vulnerability assessment, auditing, encryption, etc., etc. Jas Purewal is a blogger and self-described "games lawyer." Not one of these is a "financial analyst" by any stretch of the imagination.

Did I miss a quote from Michael Pachter (although, given his track record, calling Pachter a "financial analyst" could be stretch, too, but at least he's somewhere in the ballpark)?

 

[AbstractStream]

Oooh Sony...I used to defend you but now you have made me look like a fool.
I'm already thinking twice about the NGP. Anything that Sony was developing is probably (secretly, because they love their secrets) on hiatus for now.

 

[Liudeius]

That is horrible math... Whoever did that "research" and put it out as if fact should be fired. Not every account has a credit card attached, not every account with a credit card was necessarily compromised, and to assume it will be an equivalent loss per account to another incident is foolish.

 

[Misho-]

Well, it's too bad for Sony... Everyone is rearing their ugly heads to charge at them and nobody is really THAT concerned about catching whomever did this... If they manage to escape is going to be really... really... Really sad...

Also it made me think Gandalf was the one who wrote the United Kingdom's Data Protection Act. Lol

Oooooh wait! I see what you did there...

 

[Low Key]

So much for the PS3 finally being profitable.

 

[Levi93]

I read earlier on /v/ someone said that this was gonna bankrupt Sony and most people just lol'd at his remark, now I'm not good at financing but $24 billion is a lot of fucking money and that guys comment seems a little more plausable now the figures are out.

I really don't think Sony is going to get out of this in one piece, but I hope that this scenerio works out for the best for them and that the people responsible are caught.

 

[cardinalwiggles]

plus theres going to be some kind of compensation for everyone regarding credit card status of this outage and information loss, last time it happened on xbox live a free game was given out at probably great expense for the week. This kind of outage and outrage. will require a greater sacrifice i reckon. Tack the cost of that at the end of the 24 billion. plus 500,000 for U.K. Data Protection enfringement.

Ouch.