It's easy to imagine that the costs incurred by the recent PlayStation security breach could be staggering. With over 75 million users, and assuming that a large number of those people have purchased content from the PlayStation Store or Qriocity, Sony is probably lining themselves up for a severe financial burden. More precisely, data-security specialists The Ponemon Institute (via Forbes) say the number may be somewhere around 24 billion dollars. That's a whole lot of PlayStation 3's, Kevin Butler.
So how did the research firm come up with this figure? According to the group, the estimated cost of a data breach involving a malicious or criminal act averaged $318 per compromised record in 2010. Multiply that by the number of PlayStation Network consumers and suddenly this public relations nightmare is quickly turning into a financial catastrophe.
'Simply put, one of the worst breaches we've seen in several years,' commented Josh Shaul, chief technology officer for Application Security Inc., a New York-based data security company.
Of course, there's also the possible financial burden incurred directly by consumers if their data was in fact stolen. While no one has directly substantiated any loss at this time, lawsuits against Sony's handling of users' private data have begun to spring up this afternoon. Cnet reported that Kristopher Johns, an Alabama resident, has filed what may be the first (of what I can only assume will be many) lawsuit against the company for their handling of the data breach.
The lawsuit claims that Sony didn't take 'reasonable care to protect, encrypt, and secure the private and sensitive data of its users.' Furthermore, the Johns lawsuit claims that the company took far too long in notifying PlayStation users that their information (including credit card data) may have been stolen. He claims that Sony failed to allow consumers 'to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions.'
Rumors were circulating yesterday that Sony may have known about the breach as early as Friday, contacting banks to inform them of the possibly stolen credit card data. I called my own personal bank's corporate office, PNC, this morning and asked if the institution was aware of the situation. I was told by a corporate communications officer that they had, at this time, received no notification for the breach, and that this type of notice 'generally goes out to the card companies, such as Visa and Mastercard.' I have attempted to contact the credit card companies, and will report back if I find anything out.
Regardless of who's to blame, this situation is unfortunately going to cost quite a few people a great deal of money.
No comments:
Post a Comment