NEW YORK—Japanese electronics maker Sony Corp. announced that up to 75 million members of its PlayStation Network (PSN) may have had their confidential data stolen as a part of a security breach at the company.
After more than a week of being offline, Sony said that its PlayStation Network—an online store for PlayStation video game customers to download and purchase content—was breached by a third party and private information may have been compromised.
Sony is Japan’s largest consumer electronics maker and one of the largest corporations in Japan.
On Wednesday, the company’s U.S.-traded ADR shares (NYSE: SNE) saw a dramatic increase in the purchase of its put options, or an option to sell the stock, from investors. “By purchasing the 28-strike puts to open, the buyers are expecting SNE to backpedal beneath the $28 level over the next couple of months,” said Schaeffer’s Investment Research analyst Andrea Kramer.
In one of the biggest corporate hacking cases in history, Sony said that customer information were compromised—including usernames, customer names, and birth dates—but it is unsure if saved credit card information were breached. The breach came as a result of an “illegal and unauthorized intrusion,” Sony said on its website.
However, PlayStation Network’s terms and conditions stated that Sony may not be liable for such losses, but that argument may not stand ground in court.
"We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network,” it reads.
Sony has advised its customers that they may see an increase in phishing attacks as a result of the breach.
Users Fighting Back
Many users have written to Sony or posted critical remarks on social networking websites since the incident, mainly to protest Sony’s muted response following the hacking attack.
For days, Sony’s PSN was unavailable and no additional information was provided to customers.
“When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. … I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party,” U.S. Sen. Richard Blumenthal (D-Conn.) wrote in a letter to Sony Computer Entertainment America President Jack Tretton.
CNET reported that a lawsuit has already been filed by a Sony customer, Kristopher Johns of Birmingham, Ala., alleging Sony did not take "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."
The recent Sony fiasco raises more questions over online security and customer service. Apple Inc. uses a similar strategy with its iTunes media software and music store—it allows customers to directly purchase and download digital content by storing payment information online. Sony’s video game rival Microsoft runs a similar service called Xbox Live.