Sony Might Owe Canada $1 Billion Over PSN Attack

[Tony2077]

for fuck sakes Canada i thought we were smarter then this i hope this falls and dies

 

[Richard Allen]

I approve of this. Sony's failure to protect personal details of it's clientsand they're going to pay for it.

That is bullshit, complete bullshit, the hackers are the ones who should pay, not Sony. Trying to blame Sony for it is such a cop-out and show's how ignorant people truly are

Yes sony clearly designed the network well and was great at protecting our details.... oh that's not the case? You mean they stored much of it unencrypted? I see, well clearly they wouldn't go and do something like putting the master key for their entire network on every machine they sell... oh wait they did that too. Yes clearly we are truly ignorant, asking for basic protection of our info. So far the only thing I have seen them do was removed my features and I mean I guess that worked right? Oh no, it didn't, so now we're just left over with a bunch of screwed over people, yea we're ignorant all right.

Considering at the time of the attack Sony was fighting of massive DDoS attack starting before, and ending after the PSN hacking. and the fact that no matter how sophisticated and well designed a security system is, it can always be hacked. And the fat that Sony did not wake up one day and say let's screw over our customers. Yes you are ignorant and you are focusing all the blame on someone you can see. Your information was well protected, Hackers are just better than the programmers. The Hackers stole the data, the hackers commit a crime, and the hackers are the ones who sold the data.

No, you are correct no system is unhackable, after having read details on how the attack went down most people who know anything about security knows how bad of a fuck up this was. How many times does this have to be posted?

"?The vulnerability [of the network] was a known vulnerability, one known of in the world. But Sony was not aware of it... was not convinced of it,?

Did you actually read what Sony has said before just blindly defending them, they knew about the hack and didn't think it was a big deal....

Not to mention other massive screw ups like placing a master key that interacts with it's server on every console? That's like the first rule of security, never trust the client.

I work on government websites for a living, do you mean to say if due to my crappy code, millions of peoples info was lost that it is not my companies responsibility to pay for the damages and fix the problem?

If you can't protect your customers personal data then you should not be taking it. They sell insurance to companies for this kind of thing so either be sure your good or pay up when you loose it, or get someone else to pay when you loose it. The option of getting a free pass is not up for grabs, as the US government, German government, and canadian government have started to look into this I would guess that they are probably on the same opinion on that one.

 

[Ailia]

I`m going to march down to Toronto and yell at this firm and all involved. Don't they realise Sony's got enough problems without them adding onto it?

 

[ArgyleBandit]

I approve of this. Sony's failure to protect personal details of it's clientsand they're going to pay for it.

That is bullshit, complete bullshit, the hackers are the ones who should pay, not Sony. Trying to blame Sony for it is such a cop-out and show's how ignorant people truly are

Yes sony clearly designed the network well and was great at protecting our details.... oh that's not the case? You mean they stored much of it unencrypted? I see, well clearly they wouldn't go and do something like putting the master key for their entire network on every machine they sell... oh wait they did that too. Yes clearly we are truly ignorant, asking for basic protection of our info. So far the only thing I have seen them do was removed my features and I mean I guess that worked right? Oh no, it didn't, so now we're just left over with a bunch of screwed over people, yea we're ignorant all right.

Encrypting personal information is ridiculous. It would make the data unavailable to technical support and would prevent simple features that most users expect like password recovery. Encrypting credit card information is required to get security certification by credit card processing providers. Sony appears to have been following the same industry best practices that everyone else has been following. It is obvious that the hack was very sophisticated and somehow broke into a secure area. Even so, the sensitive information (credit cards) was still protected.

 

[Snake Plissken]

Was Sony truly negligent in some way, or was it the victim of a highly sophisticated attack that any network would have been vulnerable to?

Nope. Sony was negligent. If someone truly wanted to get into a secure network and steal a shitload of credit card information (amongst other personal information), they would've attacked PayPal. They didn't. They attacked Sony because it was a billion times easier.

 

[aww yea]

Was Sony truly negligent in some way, or was it the victim of a highly sophisticated attack that any network would have been vulnerable to?

I fail to see how that would make any difference - If a bank is robbed, they have to stand up for the damage they didn't prevent, and "the robbers were really good" is no excuse. Sony fucked up, and they have to take responsibility for loosing something they were entrusted with, no matter if it was their fault.

Whoa whoa whoa hang on. At what point does the bank stop beefing up security? After they've installed blackholes at key points in the flooring? You can always improve security and you there will always be someone able to defeat it, plain and simple. Whos fault is it if you decide your not going to make the security ridiculous? In the same vein who's fault is it if someone gets over the crazy security?

Sony ARE taking responsibility to a reasonable degree but at this moment in time - (if i find out they left the "bank doors" open or something then obviously this doesnt apply) - I do not believe it is their fault.

 

[JDKJ]

Was Sony truly negligent in some way, or was it the victim of a highly sophisticated attack that any network would have been vulnerable to?

I fail to see how that would make any difference - If a bank is robbed, they have to stand up for the damage they didn't prevent, and "the robbers were really good" is no excuse. Sony fucked up, and they have to take responsibility for loosing something they were entrusted with, no matter if it was their fault.

Because if they weren't negligent as a matter of law (i.e., they took reasonable care to protect the data), then the class can't collect a dime from them. They're being sued for negligence.

 

[JDKJ]

It's not about fixing the issue it's about getting reparation for Sony's massive fuck up. Since when has suing been about fixing things?

I now have to go through the added hassle of closing down my cards, changing any accounts that may have used those cards, be broke for the next week while I wait for my account get fixed, run extra credit reports, pay someone to monitor it... get it? time = money, it's not about getting some pr statement about how the new psn network is totally secure this time and it will never happen again, which is all we would get if not for the suits popping up.

You're complaining about this to someone who has actually has been hit with identity theft so you're getting no sympathy from me.
It's called life, and sometimes bad things happen and you just have to deal with it.
Class action lawsuits like this are a joke only created for people who want to get an easy buck outta life.

Simply put, sony has a responsibility on both the civil and criminal realm of things (At least here in the usa but it seems other countries are stepping up) to make a resonable effort to secure our data and INFORM us when that breach has happened.

So 1)Sony stored much of our info in clear text. Well that's pretty unreasonable.
2)Sony then left us in the dark for 6 days and didn't inform people, well that's money gone from peoples wallets, banks then have to pay that back to customers, so another actually cost.
3)We find out that Sony basically put a fucking root key on every single machine it sold AND knew about the software vulnerability but still didn't fix it.

Yes we are all clearly out of line, just looking for a free buck and Sony bares no responsibility in the absolute inadequacy of protecting our data, not to mention how they painted a bulls-eye on themselves in the first place by screwing over customers.

Even assuming all you say is true, what's the injury that the class members have suffered? Expressed as both a concept and in dollars?

 

[PhiMed]

First off its not just canada thats been affected, its the whole world. Second why are you blaming sony for stealing the personell details?, when the hackers did that in the first place. There the criminals not sony. I keep saying this over and over again, but no system is unhackable no matter how secure the security is.

No one's accusing Sony of stealing information. Yes, someone else committed a criminal act, but Sony does have a responsibility to implement reasonable controls in their information system to prevent theft. Considering their stonewall of silence so far, I doubt that information to vindicate them is coming forth in the near future. The longer they hold out, the worse they look.

But as far as "there" being the criminals, Sony could also potentially be criminally negligent. We don't know, because they're not saying anything (leading most people, including me, to become more and more suspicious).

In the meantime, stop defending them. You don't know any more about the realities of the situation than the originators of this lawsuit. While my knowledge on this particular subject is also deficient, there is one thing I can tell you with absolute certainty, and that is that Sony does not care about you. At all. And they aren't going to give you a cookie at the end all of this because you defended them on an internet forum.

 

[cynicalsaint1]

As mad as I am at Sony I don't think this helps anyone. Sony's already being put through the wringer on this; forcing them to pay more is only going to make it harder for them to actually make amends and fix things. At this point I think its much better to focus on preventing this sort of thing from happening again, and from the sounds of things Sony is already going to be doing something about helping affected customers enroll in identity protection services. While we still have yet to hear exactly what that means - it sounds like Sony is already trying to take some amount of responsibility on its own.

I really don't think suing is going to do anything good for anyone at this point.

 

[PhiMed]

YES! Let's sue the corporation, because that'll always fix the problem! /sarcasm

Come on people, since when does suing the pants off someone ever fix an issue?

When they are guilty of excessive pants.

 

[scarfacetehstag]

Is that billion in Canadian dollars or American ones?

about 1,000,010,000 u.s dollr then

HEY-OH YOUR ECONOMY SUCKS

Either way we should get the money anyway we do have a deficit to pay

 

[JDKJ]

First off its not just canada thats been affected, its the whole world. Second why are you blaming sony for stealing the personell details?, when the hackers did that in the first place. There the criminals not sony. I keep saying this over and over again, but no system is unhackable no matter how secure the security is.

No one's accusing Sony of stealing information. Yes, someone else committed a criminal act, but Sony does have a responsibility to implement reasonable controls in their information system to prevent theft. Considering their stonewall of silence so far, I doubt that information to vindicate them is coming forth in the near future. The longer they hold out, the worse they look.

But as far as "there" being the criminals, Sony could also potentially be criminally negligent. We don't know, because they're not saying anything (leading most people, including me, to become more and more suspicious).

In the meantime, stop defending them. You don't know any more about the realities of the situation than the originators of this lawsuit. While my knowledge on this particular subject is also deficient, there is one thing I can tell you with absolute certainty, and that is that Sony does not care about you. At all. And they aren't going to give you a cookie at the end all of this because you defended them on an internet forum.

If you read Sony's response to the questions posed to them by the Congressional subcommittee, perhaps you'll see where the assertions that they took less than reasonable care to protect the data in their custody and that they've been engaged in stonewalling are not supported by the facts of the matter -- at least not as Sony retells those facts. But, then again, perhaps you won't.

 

[JDKJ]

First off its not just canada thats been affected, its the whole world. Second why are you blaming sony for stealing the personell details?, when the hackers did that in the first place. There the criminals not sony. I keep saying this over and over again, but no system is unhackable no matter how secure the security is.

No one's accusing Sony of stealing information. Yes, someone else committed a criminal act, but Sony does have a responsibility to implement reasonable controls in their information system to prevent theft. Considering their stonewall of silence so far, I doubt that information to vindicate them is coming forth in the near future. The longer they hold out, the worse they look.

But as far as "there" being the criminals, Sony could also potentially be criminally negligent. We don't know, because they're not saying anything (leading most people, including me, to become more and more suspicious).

In the meantime, stop defending them. You don't know any more about the realities of the situation than the originators of this lawsuit. While my knowledge on this particular subject is also deficient, there is one thing I can tell you with absolute certainty, and that is that Sony does not care about you. At all. And they aren't going to give you a cookie at the end all of this because you defended them on an internet forum.

double-up

 

[Atmos Duality]

First off its not just canada thats been affected, its the whole world. Second why are you blaming sony for stealing the personell details?, when the hackers did that in the first place. There the criminals not sony. I keep saying this over and over again, but no system is unhackable no matter how secure the security is.

By your logic, there should be no degree of accountability for any system.
Why not? Because (by your logic) no system is "unhackable" (which is bullshit, following best practices), there can be no blame placed on those except those who hacked the system.

That is the single most absurd thing I've read in recent memory.

If courts followed that justification, nothing would fucking work. There would be fraud on a global scale followed by a seizing of the entire financial system simply because nobody would trust anyone else enough to do business.

Why? Because the vast majority of financial transactions today are booked and processed electronically; paper transactions and hard currency are just too slow. By eliminating accountability, you are eliminating trust, and thus any incentive to use that system. You eliminate business.

So no. Screw Sony. Screw them for their arrogance, and twice again for their negligence.
I hope they catch those hackers too, but even doing that isn't going to absolve Sony.

 

[PhiMed]

First off its not just canada thats been affected, its the whole world. Second why are you blaming sony for stealing the personell details?, when the hackers did that in the first place. There the criminals not sony. I keep saying this over and over again, but no system is unhackable no matter how secure the security is.

No one's accusing Sony of stealing information. Yes, someone else committed a criminal act, but Sony does have a responsibility to implement reasonable controls in their information system to prevent theft. Considering their stonewall of silence so far, I doubt that information to vindicate them is coming forth in the near future. The longer they hold out, the worse they look.

But as far as "there" being the criminals, Sony could also potentially be criminally negligent. We don't know, because they're not saying anything (leading most people, including me, to become more and more suspicious).

In the meantime, stop defending them. You don't know any more about the realities of the situation than the originators of this lawsuit. While my knowledge on this particular subject is also deficient, there is one thing I can tell you with absolute certainty, and that is that Sony does not care about you. At all. And they aren't going to give you a cookie at the end all of this because you defended them on an internet forum.

If you read Sony's response to the questions posed to them by the Congressional subcommittee, perhaps you'll see where the assertions that they took less than reasonable care to protect the data in their custody and that they've been engaged in stonewalling are not supported by the facts of the matter -- at least not as Sony retells those facts. But, then again, perhaps you won't.

Sent this as a direct reply because I couldn't see the comment for some reason.

As far as I know, they haven't responded to the Subcommittee's questions, and they're refusing to appear in person. You can argue that declining to appear isn't necessarily stonewalling, but until we know what the actual answers to the Subcommittee's questions are, it's a little premature to announce either their diligence or their transparency. You're announcing both.

As for their vague claims regarding their efforts, course their non-informative releases will claim freedom from culpability. That means less than nothing until they answer detailed questions about security measures. If they were guilty, what would you expect them to say, "Whoops we didn't encrypt any of your information. Sry drunk, LOL"?

 

[GrandmaFunk]

Encrypting personal information is ridiculous. It would make the data unavailable to technical support and would prevent simple features that most users expect like password recovery.

this is quite blatantly false.

MILLIONS of web application work like this, it's really not that complicated to have all the data encrypted.

 

[JDKJ]

First off its not just canada thats been affected, its the whole world. Second why are you blaming sony for stealing the personell details?, when the hackers did that in the first place. There the criminals not sony. I keep saying this over and over again, but no system is unhackable no matter how secure the security is.

No one's accusing Sony of stealing information. Yes, someone else committed a criminal act, but Sony does have a responsibility to implement reasonable controls in their information system to prevent theft. Considering their stonewall of silence so far, I doubt that information to vindicate them is coming forth in the near future. The longer they hold out, the worse they look.

But as far as "there" being the criminals, Sony could also potentially be criminally negligent. We don't know, because they're not saying anything (leading most people, including me, to become more and more suspicious).

In the meantime, stop defending them. You don't know any more about the realities of the situation than the originators of this lawsuit. While my knowledge on this particular subject is also deficient, there is one thing I can tell you with absolute certainty, and that is that Sony does not care about you. At all. And they aren't going to give you a cookie at the end all of this because you defended them on an internet forum.

If you read Sony's response to the questions posed to them by the Congressional subcommittee, perhaps you'll see where the assertions that they took less than reasonable care to protect the data in their custody and that they've been engaged in stonewalling are not supported by the facts of the matter -- at least not as Sony retells those facts. But, then again, perhaps you won't.

Sent this as a direct reply because I couldn't see the comment for some reason.

As far as I know, they haven't responded to the Subcommittee's questions, and they're refusing to appear in person. You can argue that declining to appear isn't necessarily stonewalling, but until we know what the actual answers to the Subcommittee's questions are, it's a little premature to announce either their diligence or their transparency. You're announcing both.

As for their vague claims regarding their efforts, course their non-informative releases will claim freedom from culpability. That means less than nothing until they answer detailed questions about security measures. If they were guilty, what would you expect them to say, "Whoops we didn't encrypt any of your information. Sry drunk, LOL"?

They responded in writing this morning. Fully and in great detail.

 

[Aesir23]

Is that billion in Canadian dollars or American ones?

Either way it's the same amount since our dollar is at par with the American dollar right now.