Credit Card Breach May Cost Sony $24 Billion

 Pages 1 2 3 4 5 NEXT
 

Credit Card Breach May Cost Sony $24 Billion

image

Financial analysts have estimated that Sony's possible loss of account information may cost the company billions of dollars in damages.

Sony is not certain that personal credit card information was stolen but admitted such theft was a possibility, but even that may cost the company. The Ponemon Institute, a research firm that studied previous credit card hacks, estimated last year that data breaches involving a nefarious attack - which Sony admitted is the case here - cost an average of $318 per compromised record. With Sony's PlayStation Network consisting of 77 million user-created accounts, it may possibly cost $24.5 billion for the company to clean up the mess. In addition, Sony may suffer penalties from governments across the globe for failing to protect consumers' personal information, including a 500,000 fine from the U.K.

"Simply put, [the attack on Sony is] one of the worst breaches we've seen in several years," said Josh Shaul from a company called Application Security that specializes in protecting databases like the one over which Sony lost control. Shaul believes that just the fact that Sony announced the loss of credit card information should cause some alarm.

"They indicated that they're worried about it, which is probably a very strong indication that everything was stolen," he said.

According to United Kingdom's Data Protection Act, all companies that store personal information are required to keep it secret, keep it safe. A representative from the Information Commissioners Office said that even though Sony's EULA attempts to cover them from that responsibility by stating, "We exclude all liability for loss of data or unauthorized access to your data," such a "contract" might not hold up. It depends on whether the data was physically stored within the borders of the United Kingdom and how fast Sony is able to clean up its act.

"If the company is not compliant with the act within a certain time limit, further action would be taken and we might consider an enforcement notice or issue a monetary penalty," the rep said. "For serious breaches of the act, we can issue a monetary penalty up to 500,000."

Another legal expert, Jas Purewal from the GamerLaw blog in the UK, said that all of this is only possible if actual criminal acts can be proved to occur as a result of the breach. "However, it is important to remember that there is no evidence of such misuse of personal data at present. If an account compromise does not actually lead to misuse of such data, then any legal claim would be more difficult."

Now, to be honest, I don't really think that Sony is going to be $24 billion in the hole due to this breach, but it will certainly have an impact on both the future of its PlayStation Network and the viability of such a pervasive gaming network. Xbox Live and Steam might be unaffected now, but this attack on the PSN proves that such networks are vulnerable.

Also, what's been lost in this whole mess is how the attack affects the little guys. The independent developers who sell their games exclusively from PSN haven't made a dime in the last week, and probably won't for a good long time as consumer confidence in the PSN will take a long time to return. Unless Sony bails them out, the devs behind games like Pixel Junk Shooter and Mod Nation Racers are screwed, and I think that's the real tragedy here.

Source: Next-Gen and Forbes

Permalink

"According to United Kingdom's Data Protection Act, all companies that store personal information are required to keep it secret, keep it safe."

image

Ultimately, it's probably going to cost them more than this, when you factor in the huge loss of consumer confidence in their brand. I reckon a lot of people will think twice about getting a PS3 or an NGP (when it comes out) after this.

Greg Tito:
With Sony's PlayStation Network consisting of 77 million user-created accounts, it may possibly cost $24.5 for the company to clean up the mess.

Might wanna add the billion after $24.5

Honestly the "fact" that there hasn't been a recorded misuse of customer's data yet by the instigators of this incident doesn't matter in my opinion. The threat alone is enough to cause stress, fear and alot of panicking from those affected.

"it may possibly cost $24.5 for the company to clean up the mess."

Wow Sony must have some hard core insurance with a co payment that low lol.

I've never participated in a console war in my life, but I am very glad at this particular moment in time to not be a Sony customer.

Anyone who is, you have my sincest sympathies and I hope nothing bad happens to you.

*Waves goodbye to Sony*
Well You had good run guys.

In my own little mind, I like to think that the people who did this, only did it to teach people a lesson about security. Maybe they stole all that stuff, and then deleted it so they don't have it anymore. Kind of like the people who called out the CEO of sprint about the privacy of their customer's information.

These hackers that caused this are monumentous dicks. This has not only affected innocent sony employees but game developers and every fucking person on psn. I think I speak for (almost) everyone when I say, "Fuck you hackers". This obviously does not apply to the hackers which aren't cunts.

Melon Hunter:
Ultimately, it's probably going to cost them more than this, when you factor in the huge loss of consumer confidence in their brand. I reckon a lot of people will think twice about getting a PS3 or an NGP (when it comes out) after this.

I'm not sure about that. Yes, lots of people are saying that right now, but our collective society is very quick to forget things that aren't blasting them in the face. As soon as this stops making headlines, I'm betting that most people completely forget about it and move on. Especially in this gaming culture where everyone HAS to have the newest thing all the time. Seems like every week there's some new "outrage" going around in the gaming community with people swearing up and down that they will never give another cent to a company, and then a few days later they are buying the next game anyways.
Add to that all the people who are completely clueless about video game industry news and developments.

Obviously this is a much more grievous offense than most previous issues that have brought out protests (portal 2 dlc, ea online pass, ubisoft drm, etc), so I hope that you are right -- Sony SHOULD feel an impact from this.

Personally I have already cancelled my credit card and changed whatever passwords I can. I'm hoping I don't have any recurring bills that try to bill my credit card before my new one arrives, but other than that I doubt I will be financially affected by this in any way (fingers crossed). Still, what happened feels very wrong and angers me.

Oh my. My mind can't even comprehend how much money that is. Though i seriously doubt it'll cost that much... Well, i hope, at least.

Either way, there seems to be difficult days coming up for Sony, not to speak of all the little guys, as the article pointed out. Hopefully they can come trough of this crapstorm.

Good mother of fucking god. Sony is practically done. Who ever did this, just fuck over a lot of people.

Greg Tito:

Financial analysts have estimated that Sony's possible loss of account information may cost the company billions of dollars in damages.

I read this article three times and can't find not one financial analyst.

The Ponemon Institute conducts independent research on privacy, data protection and information security policy. Application Security provides comprehensive solutions for database security, monitoring, database vulnerability assessment, auditing, encryption, etc., etc. Jas Purewal is a blogger and self-described "games lawyer." Not one of these is a "financial analyst" by any stretch of the imagination.

Did I miss a quote from Michael Pachter (although, given his track record, calling Pachter a "financial analyst" could be stretch, too, but at least he's somewhere in the ballpark)?

Oooh Sony...I used to defend you but now you have made me look like a fool.
I'm already thinking twice about the NGP. Anything that Sony was developing is probably (secretly, because they love their secrets) on hiatus for now.

That is horrible math... Whoever did that "research" and put it out as if fact should be fired. Not every account has a credit card attached, not every account with a credit card was necessarily compromised, and to assume it will be an equivalent loss per account to another incident is foolish.

Well, it's too bad for Sony... Everyone is rearing their ugly heads to charge at them and nobody is really THAT concerned about catching whomever did this... If they manage to escape is going to be really... really... Really sad...

Also it made me think Gandalf was the one who wrote the United Kingdom's Data Protection Act. Lol

Oooooh wait! I see what you did there...

So much for the PS3 finally being profitable.

I read earlier on /v/ someone said that this was gonna bankrupt Sony and most people just lol'd at his remark, now I'm not good at financing but $24 billion is a lot of fucking money and that guys comment seems a little more plausable now the figures are out.

I really don't think Sony is going to get out of this in one piece, but I hope that this scenerio works out for the best for them and that the people responsible are caught.

plus theres going to be some kind of compensation for everyone regarding credit card status of this outage and information loss, last time it happened on xbox live a free game was given out at probably great expense for the week. This kind of outage and outrage. will require a greater sacrifice i reckon. Tack the cost of that at the end of the 24 billion. plus 500,000 for U.K. Data Protection enfringement.

Ouch.

This has been everywhere! Radio news.....its too huge no hacker/thief will use the credit card information at this point. Thats suicide. but shit will go down.
And if the loss of personal data is in fact confirmed i think consumers may still be able to pull off some legal charges and get some $$$!

Like this will ever happen, I doubt it'll go into millions and I think although Sony Is in a bad situation will find a way to get around it. Raptor Jesus help the hackers who are going to make the Geohot case look like a pushover.

Should Sony face penalties for getting hacked? Maybe. But anyone who would fine the company this much money would be eliminating the jobs of THOUSANDS of innocent people. Think about that before you start saying things like "Down with Sony!"

Greg Tito:
Xbox Live and Steam might be unaffected now, but this attack on the PSN proves that such networks are vulnerable.

Xbox Live it's plausible but I'm very confident with Steam's security.

I mean it has been running financial transactions since 2003 and I am very impressed by all the many layers of robust security the servie offers.

It's the little things like if you change your password all your saved card details are reset. That is so handy as if anyone does phish your password and tries to hijack your account then when they try to lock you out they can't use your cards.

Other stuff like Steam Guard and just how they have been such a high profile target to hackers with people connecting via PCs means they must have a robust network.

Sony's fatal mistake seems to be the assumption the PS3 would always remain locked down... till Geo-Hotz cracked it open. Like EVERY consumer device before or since PS3 was released. They get cracked eventually. Sony has a fundamentally flawed ideology of network security, they expect the end elements to be "good" but then trust them too much and one one is crack you have way WAY too open access to the network with trivial barriers after that.

Greg Tito:
all companies that store personal information are required to keep it secret, keep it safe.

image

IS IT SECRET? IS IT SAFE?

Shit, this is a bad time to have a PS3. How much you want to bet Microsoft is absolutely ecstatic about this?

Also, my captcha is telling me to find something called a Doriketa. One can only wonder.

I wanted them to get hurt and now they are hurt. So Im happy.

Greg Tito:
Credit Card Breach May Cost Sony $24 Billion

According to United Kingdom's Data Protection Act, all companies that store personal information are required to keep it secret, keep it safe.

Permalink

LOVE the lord of the rings wink there.

Greg Tito:
Credit Card Breach May Cost Sony $24 Billion

Financial analysts have estimated that Sony's possible loss of account information may cost the company billions of dollars in damages.

Sony is not certain that personal credit card information was stolen but admitted such theft was a possibility, but even that may cost the company. The Ponemon Institute, a research firm that studied previous credit card hacks, estimated last year that data breaches involving a nefarious attack - which Sony admitted is the case here - cost an average of $318 per compromised record. With Sony's PlayStation Network consisting of 77 million user-created accounts, it may possibly cost $24.5 for the company to clean up the mess. In addition, Sony may suffer penalties from governments across the globe for failing to protect consumers' personal information, including a 500,000 fine from the U.K.

The Pomenon Institute study referred to does not in any way support a conclusion that "it may possibly cost $24.5 [billion] for [Sony] to clean up the mess." Rather and according to the Pomenon Institute:

"Our current analysis of the actual data breach experiences of 45 U.S. companies from 15 different industry sectors takes into account a wide range of business costs, including expense outlays for detection, escalation, notification, and after the fact (ex-post) response. We also analyze the economic impact of lost or diminished customer trust and confidence, measured by customer churn or turnover rates.

Utilizing activity-based costing, our methods capture information about direct expenses such as engaging forensic experts, outsourced hotline support, free credit monitoring subscriptions, and discounts for future products and services. We also capture indirect costs such as in-house investigations and communication, as well as the extrapolated value of customer loss resulting from turnover or diminished acquisition rates."

Source: http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/US_Ponemon_CODB_09_012209_sec.pdf

The study doesn't quantify clean up cost alone. It quantifies just about every imaginable cost, both direct and indirect, tangible and intangible, spread out over years.

This isn't the bankruptcy that the article makes it sound like. It's not just clean up costs. It's total costs. Sony can and will easily weather $24 billion IN TOTAL COSTS. TOTAL COSTS. TOTAL COSTS. TOTAL COSTS. TOTAL COSTS.

Seriously checking the bank statements for rogue transactions...

Did I really buy all these ipads?

Don't know how they got to $24bn. The closest comparison I can think of is TJX who lost 45m, probably more credit card numbers than Sony had, and that cost them $256m.

Braedan:
Should Sony face penalties for getting hacked? Maybe. But anyone who would fine the company this much money would be eliminating the jobs of THOUSANDS of innocent people. Think about that before you start saying things like "Down with Sony!"

Ehm...not to go all Godwin on you...
But that's one of the stupidest arguments I've ever seen in my life.
I don't give a flying fuck about Sony employees.
Why should I?
If they're good, they'll find another job, if they're not good, well, then they can go hungry for all I care.
Corporations cannot be allowed to hold the jobs they create as hostages, they did that in the US and look what's happening there...

Honestly?
I think Sony should be fined to oblivion, if only to shake up the current console market Status Quo.

Booze Zombie:
I've never participated in a console war in my life, but I am very glad at this particular moment in time to not be a Sony customer.

Anyone who is, you have my sincest sympathies and I hope nothing bad happens to you.

me=this go slothfulism! (go making-up-words too!)

erztez:

Braedan:
Should Sony face penalties for getting hacked? Maybe. But anyone who would fine the company this much money would be eliminating the jobs of THOUSANDS of innocent people. Think about that before you start saying things like "Down with Sony!"

Ehm...not to go all Godwin on you...
But that's one of the stupidest arguments I've ever seen in my life.
I don't give a flying fuck about Sony employees.
Why should I?
If they're good, they'll find another job, if they're not good, well, then they can go hungry for all I care.
Corporations cannot be allowed to hold the jobs they create as hostages, they did that in the US and look what's happening there...

Honestly?
I think Sony should be fined to oblivion, if only to shake up the current console market Status Quo.

You should get out more if that's the stupidest arguement you've ever heard. Also, I don't know if where you've been lately but getting another job is kinda hard still.

 Pages 1 2 3 4 5 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here