PSN data leak cost could top $24 billion - Report

Data-research firm tells Forbes price tag of PlayStation Network outage could be catastrophic; Sony offers FAQ, timeline as UK gov't readies enquiries.

Soon, the ongoing PlayStation Network outage will enter its eighth day. The past 24 hours of downtime have seen some dramatic developments, as yesterday Sony revealed that the "external intrusion" that prompted the crisis also resulted in PSN users' information being compromised. Since an estimated 77 million people have signed up for the service, the scope of the data leak is huge.

The PSN outage could prove extremely pricey for Sony.

Even larger could be the cost from the potential information theft. In an article today, Forbes cites data-security research firm The Ponemon Institute as estimating the "cost of a data breach involving a malicious or criminal act" was, on average, $318 per compromised account. Given the most recent PSN population estimate, that formula puts the potential cost as being over $24 billion.

The 2009 Ponemon Institute study that determined the figure, available here, "takes into account a wide range of business costs, including expense outlays for detection, escalation, notification, and after the fact (ex-post) response. [Ponemon] also analyze[s] the economic impact of lost or diminished customer trust and confidence, measured by customer churn or turnover rates."

On the bright side, Sony did say that some PSN services should be restored within a week. Then, late yesterday, it offered some answers as to why it took so long for the company to announce that users' personal data may have been accessed by an outside party.

"There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised," said senior director of corporate communications and social media Patrick Seybold in a statement on the PlayStation Blog.

He continued, "We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until [April 25] to understand the scope of the breach."

Sony also made a further attempt to answer PSN users' questions by posting an FAQ on the official PlayStation website. Though it often declines detailed comment, the FAQ answers a variety of questions, including steps to avoid phishing scams. It also said that Sony was "reviewing options" about potentially refunding customers due to the downtime, which could potentially add to the cost of the outage.

Meanwhile, Eurogamer reports that the British government is launching an inquiry into the PlayStation Network data breach. The site quotes the Information Commissioner's Office as saying, "We have recently been informed of an incident, which appears to involve Sony. We are contacting Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office."

The move comes one day after US Senator Richard Blumenthal (D-CT) called on Sony to offer full disclosure to PSN users if their information was compromised. He also demanded the company offer two years of free access to credit reporting services to check if their credit was adversely affected, raising the prospect of still more expenses for the company.

Discussion

833 comments
_fark_

@Leir_Bag Geohotz is just a media hog, if he had not published the master key someone else would have.. there's a long list of "known" hackers and software experts that were actively digging in the system for this information. Geohotz was just the first past the post. The blame solely lies with Sony not encrypting the data or using a random master key.

ColonelVodka

@KCKING23 I don't know anything about reading. Could you teach me, sir? On a serious note, there's nothing sarcastic about your post: "gamerguys2010 keep saying stuff like that and you will get hit in the mouth." This is not sarcasm. Get a clue, man.

KCKING23

@ColonelVodka sarcasm look it up if you can read

Leir_Bag

@Decessus : Well, I believe it used to be most people's excuse, that thing about Other OS, for supporting the Hackers. People would like them because Sony took our "freedom" away, and so, Sony deserves everything that's happening (remember: that is not my opinion). At least, this is what I believe, what I used to see, correct me if I'm wrong. And about George Hotz, well, I don't know what reasons he had to do what he did, maybe they were good, or bad, but if publishing the PS3's Master Key online didn't help the hackers do their... stuff, then I don't know what did. But that's what I know about the facts, what I read on random web pages. People can correct me if I'm wrong, maybe he didn't do it at all.

egres122

$24 Billion Dollars! (Dr. Evil music playing in the background)

tizzomr

@Rikudo-Pein PSN just needs to be more careful about who it lets create an account. The problem today with almost all networking sites/services, is that ANYBODY can sign up, and while you're in Playstation Home, you could be very well chopping it up with ANYBODY, and such, and while I don't know exactly how you would go about that, something needs to be done, especially with user accountability, as in dealing with quitters, and cheaters and such as well. Now enough companies invest in the long term effects, and it's about time companies start doing this globally.

Rollaster

First off Sony is well at fault. Not only did they refuse to encrypt any data coming into their servers, they also used a very bare bones basic version of linux with outdated security. Furthermore the hackers that compromised their system offered to sell the data back to Sony, but Sony refused. Sony is liable for deliberate negligence. http://psx-scene.com/forums/f6/psn-database-containing-2-2million-credit-cards-now-up-sale-85702/ http://psx-scene.com/forums/f6/sony-admits-psn-personal-data-not-encrypted-85693/ They didn't give a damn about security and thought they were untouchable. If you anger people starting with otherOS removing a service from your advertisement. Ofc ppl are going to get mad. You'll get your service shut down by some hacker group. Then you can expect some rogue group or individual to come along, one that spends hours on unix and linux like systems, that rarely if ever plays videogames. I expected this would happen sooner or later. I mean seriously people do your research and use some logic. If you found out that there was next to no security in a network with millions of credit cards and personal data (CVV was hacked also) what would you expect? I know I would take it, sell it back to Sony if I could, and if not put it on the black market. I'm not a bad person and have very limited knowledge when it comes to hacking because I got better things to do, but seriously people after reading some of these comments use some logic!!!

-Lionheart-

People need to seriously quit whining and taking out their anger on Sony who is the VICTIM of the attack here (as are we). get mad at the cause of the problem, the HACKERS and stop "demanding" Sony give us free things...or god forbid, be stupid enough to sue Sony over this issue like that one idiot from Alabama.

that34

It doesn't matter what they do because I will still be a fan of sony. Hopefully this gets resolved so we can be gamers again

raptures330

@Double_Wide I think you need to go read up on what jailbreaking something is, and what cheating is, and learn to tell them apart. Playing the game as "the good Lord" intended (I am guessing that is a nickname you have for Sony) means getting things you paid for taken away because it suits them better. Please go read the functions of Homebrew (there are even people connecting the KINECT to the PS3 now) before you go "all hackers are cheaters and thieves!" Simply not true. The people that went in and stole credit card information targeted Sony's PSN because, apparently, it was much easier than targeting banks. Their tools this time were software. It is a case of a group of thieves that can hack rather than a group of hackers that decided to steal. If that does not get through, then these people (I imagine) also have cars that they drive. So, all drivers are also cheaters and thieves.

gamebm

bad news is always bad

Oldboy08

Sony is and will always be my favorite company. They make damn fine hardware. I don't even have a credit card so this really isn't even an issue with me. I play my PS3 on a Sony Bravia LCD and at nighttime I use Sony Headphones. Ganbatte Sony!

Big_Greg

Expect mandatory PS Plus subscriptions to cover this "loss". I realize now that Sony is an indian giver corporation. Luring us all in with freebies then taking the gifts away then force you to deal with their problems capitalism at its finest... -_-

AceCometh

A cost of $24 BILLION?? ouch. Those are some expensive damages/upgrades. It's highly unlikely that this was done by a single person. If Sony was indeed hacked by someone on the outside, it was a well coordinated, planned "hack attack". It was either that or Sony has been very negligent in its server upkeep or actually an inside job.

Big_Greg

I think I'll be the 1st to say that this "breach of security" is nothing more than a ploy to give SNEA the funds it needs to operate. I absolutely believed with every fiber in my being that this was going to happen the millisecond I discovered Sony handed off PSN to SNEA. Anyone who believes Sony's bs story is the dumbest person in the history of the earth. A multibillion dollar company hacked by 1 lone intruder? Give me a break

gamefreak123430

@Valen_Ca, it would if Xbox would come out with some type of new peripheral. play-station wouldn't be able to compete with that type of loss, not to mention this breach still isn't completely fixed

Valen_Ca

@gamefreak123430 Like what exactly? This doesn't affect the PS3 hardware at all, and granted there hasn't been a data leak of this size on Live, individual accounts have been hacked. If anything at all comes out of this mess from Nintendo and Microsoft it's that they take a very close look over their own online services and make sure they are as secure as possible.

gamefreak123430

ooh this could be Xbox's chance to come up with something good and leave PlayStation in the dust

franzito

Billions!?! Talk about horror (for SONY) and Capitalism consequences (for everybody)!!

Hellion-1

Sony should have taken note after the last time there was a breach of their server and made steps to update security so as to prevent this from happening again. Sony is responsible for the safety and security of all PSN users' personal data and not to mention financial data. So this should not have got to this point in the first place. I for one will stay with Sony but I will keep an even closer eye on my financial transactions as I suggest all other PSN users do as well!

shawn7324

Sony should have it set up so crap like this never happens, so they should pay whatever to straighten it out now. However, I do hope they catch these punks!

HappyBB

However much I dislike Sony in dealing with Hotz, this hacking issue is completely unacceptable and must be brought to justice! May the hacker(s) who pulled this off be brought to justice!

roxomega

(continues my fanboy dance) Don't own a PS3 no info to lose /dance

Krinnium

wow. if these hackers are anti sony, and sony is looking at a 24 billion dollar cost, it sounds like they got what they wanted x[ not to state the obvious or anything but i hope they get caught. only problem is sony will prolly get stuck with the bill in the end anyway. it's not like the hackers can come up with 24 billion to reimburse the company.

flyingdutchdog

@Joker_268 Yes remind me cause I don't remember it being down for two weeks. The fact is, it never was down for two weeks. Quit regurgitating everyone else's bullsh*t.

choasgod

... this is quite stupid. It will probably cost SONY ~$5million for 3rd party security analysis, ~$50 million to re-build PSN (mostly overtime and lost revenue) and ~$500 million revenue in opportunity cost over 2 years (this basically means PSN sales will be down compared to what they would have been if the breach didn't occur)

Joker_268

Lol, may I just remind the $xbox fanboys, that when halo 3 was released, XBL went down for 2 weeks!!

mardinn

Why so much hate against Sony? I remember All you guys hatin' on the hackers then in an instant.. you are hating Sony.

MagicOneUp

Time to pay up, Sony. All those price gouging and lies is going to bite you in the end

JimmeyBurrows

@philo350 Sony didn't have any balls... they were keeping it to themselves just saying it was down for maintenance, lol.

oscaromarjp

@hordaak Yes, of course is more secure, some days ago they just prove that to the world...

Philo350

oooo also to all the xbox people/ fanboys....you guys got hacked in 2007. just to let you know haha.

Philo350

This has happened to other companies before and cause keeping records/ internet records is only new in last 10 -15 years lets say, there are no/ not many rules in place how to handle this. Some companies choose to say nothing and act like they never knew....so for sony to come out and say yeah we got hacked good, takes a lot of "balls" I reckon. Just my thought.

hordaak

PSN is WAY more secure than XBOX live!!!! -PSN dude that got his info stolen

hordaak

Yes....24 Billion is more than 1 Billion. That math is correct. -Bill Gates

aozman

do playstation users see any of this money?????

kyle_360

i think microsoft did this...

twyz

XBOX fanboys need to shut up. Just because this happened to PSN doesn't mean XBOX Live can't be hacked. Just because you pay to play online doesn't mean you're any more secure. Anything can be hacked, whether it's free or not. It doesn't matter. The fact that PSN is free to use didn't make it any less secure.

mtait01

@NintendoMan14 'Those hacker should have attacked xbox live instead Sony, the xbox has many security breaches because the use of their firmware and their visual studio security embedded which is pretty crappy.'

Really??? ok First, hackers should not be attacking any company for any reason. And Second, you are saying the PS3 is more secure than the 360? I am no tech expert but something tells me that after the last 8 days you're wrong.

torres_unix

I hope this serves as a warning for the game industry; all of this online distribution, personal data-linked online accounts, and DRM madness w/o the proper security audit and hardening will leave those networks open to attack. Sony should invest more money into their infrastructure and expertise.

NintendoMan14

Those hacker should have attacked xbox live instead Sony, the xbox has many security breaches because the use of their firmware and their visual studio security embedded which is pretty crappy.

kakashi6666

lol microsoft and their xbox live don't have these kind of problems but i do feel sorry for ps3 owners it feels terrible when something like this happens to you if sony get the act together it shouldn't be too long before the psn is back up properly

mtait01

Has anyone lost faith in Sony over this? I'm just curious because I have read some comments on various websites of ps3 users saying they are very annoyed. I am an 'xbot' and I am still considering switching over to the PS3, but it looks like I won't be switching over for quite a while until I see proof that everything is resolved. It's a real shame because this year is supposed to be PS3s year of games, it looks like this will be in the front of people's minds for quite a while

Citrus25

Forget PSN Hacking..... Dark Souls for the win!

Smoothy08

LOL @ Sony. I wonder how long their PSN subscriptions will be free?