Class action lawsuit alleges Sony layoffs made PSN vulnerable

by JC Fletcher on Jun 24th 2011 2:20PM

A class action suit was filed this week in San Diego, alleging that Sony made its online services less safe by laying off important staff just before the April security breach. The suit, against Sony Corporation of America, Sony Computer Entertainment America, Sony Pictures Entertainment and Sony Network Entertainment International, is based on testimony from confidential witnesses (ex-Sony employees) who claim that Sony knew its security was compromised due to previous, smaller-scale intrusions. An SOE platform engineer claims that "Sony's technicians only installed firewalls on an ad-hoc basis after they determined that a particular user was attempting to gain unauthorized access to the network."

The suit also alleges, as stated by another confidential witness, that Sony "spent lavishly" on security measures for its own PS DevNetwork, but didn't put the same effort or budget into securing users' data.

Sony Online Entertainment enacted large-scale layoffs in March of this year -- just weeks before the massive data breach. One witness quoted in the claim said that those layoffs included staff from the company's Network Operations Center, which would have been instrumental in addressing a data breach.

Source: Gamasutra

Tags: lawsuit, layoffs, playstation, ps3, psn, psn-outage-2011, psp, sony, sony-online-entertainment

Reader Comments (81)

I guess we could see more lawsuits like this since there has been a new hack every day (Nintendo, Sega, EA, Codemasters, Square ... Maybe some I'm forgetting) since the Sony breach.

@Johnnynumber5 is powered by cell
For the Nintendo hack, LulzSec stated this on their Twitter:
"Re: Nintendo, we just got a config file and made it clear that we didn't mean any harm. Nintendo had already fixed it anyway.

Likely, since we so litigious. What's interesting about this is the involvement with former employees on behalf of the original members of the NY class. It doesn't appear that the laid-off employees that are providing this info or getting involved are part of the class, so I guess the firm representing the class has done some fine digging on these disgruntled employees :P

@BPMOmega XBL PSN Steam
Whoops... Forgot that the less-than symbol kills things here...
"Re: Nintendo, we just got a config file and made it clear that we didn't mean any harm. Nintendo had already fixed it anyway. less-than-3 them"

So, not only do they hack for laughs, but they're also Nintendo fanboys.

@Johnnynumber5

Bioware just sent an E-mail out that they had been hacked but no credit card info was taken.

@Johnnynumber5 is powered by cell

doubt it. companies get hacked on a daily basis, most of the time it's small intrusions. what makes Sony such a target is that they failed to make effort to secure the data as best as they could. when you hear stories like "no firewall installed", "unencrypted credentials", it's negligent at best.

@BPMOmega

So everyone takes the hackers words at face value? Sure makes me comfortable! Just a big practical joke.

My point is that everyday we seem to get a new report about some game company getting hacked hence why I said we could see more lawsuits down the line.

At least the fanboys can't say Sony wasn't being original! (kidding)

@BPMOmega XBL PSN Steam

Nah they just like the N64, but come on who doesn't?

@Johnnynumber5 is powered by cell

*Throws McPoop into traffic*

*Receives endless high 5's from Joystiq community*

@LexStewther
"...when you hear rumors like "no firewall installed", "unencrypted credentials"..."

Fixed it for you.

@Co

:crickets:

/run hacker whinging script.jar

This will be interesting. It could prove Sony was truly negligent like many of us suspect they were.

@HokieKC
Exactly what I was thinking.
After all, not telling us for... what, 2 weeks that all this crap happened seems like they don't care about the consumer.

@KGameLover1

2 weeks?

Man, people sure love making shit up.

@PointlessPuppies - It took Sony at least 10 days to let us know what was truly happen and our personal information may have been compromised.

@HokieKC

But it only took them a few days to actually let us know something HAD happened. And they stated many times they didn't even know themselves what had happened right away, hence the delay in telling everybody else.

@HokieKC "It took Sony at least 10 days to let us know what was truly happen and our personal information may have been compromised."

What? No it didn't.
The hacks occurred between the 17th and 19th, Sony found out that they had been hacked on the 19th and promptly shut the service down.
Between the 19th and 25th they had a security firm investigate the situation to find out exactly what had happened. They found this out late on the 25th, and told us exactly what they found out first thing on the 26th.

It took Sony less than a day after they finally understood what happened to tell us.

"Oh, but they should have told us sooner that our information might have been compromised."
They did. 3 or 4 earlier they warned that their might have been a breach on their servers, which should have been a red flag for, well, everyone. If you didn't deal with your credit cards then its your own fault for being negligent.

Stop trying to spin the situation to make Sony seem as if they're the Devil.
10 days to inform us? Please.

@DigitalEmporer Except you're wrong. Sorry.

@DigitalEmporer

"It then took them a further few days to inform us that credit card data WAS stolen, along with passwords, usernames, addresses and dates of birth. Everything someone needs to repliciate you"

well then let them, i hope they are efficient in paying college loans on time.

@DigitalEmporer It took them a while because they themselves did not know. Literally minutes when Sony found out important information was stolen. They then DID state this to us, not a week, not days. But a little ounce after.

Stop being so dense.

@HokieKC
It was only 5 days when they took it down as a precautionary measure of taking it down and informing the public of the intrusion. Whether you think that was too slow is up to you, but please stop exaggerating the timeline.

I'll bet somebody left the back door open on their way out.

@Warden72
And it didn't slam them on the behind on the way out.

lol

@Ezio Auditore da Firenze
rofl

@Cleebo2318
Nope.avi

Uh, it's not like Sony fired the so-called "important staff" and then PSN's security magically went ka-put. If the "important staff" hadn't secured PSN during the OTHER 4+ years of PSN's existence, why should anyone believe that said staff would've magically secured the network just before the security breach?

@PointlessPuppies -Because Sony, apparently, fired substantial numbers of Network Operations Center personnel right before the hacks. And more recently started spending far more on corporate data security rather than customer data security.

If that's true that is negligence.

@HokieKC
You didn't read my post, did you?

What about the OTHER 4+ years of the PSN's life? Why did the "important staff" not do anything all that other time?

@PointlessPuppies - What does that have to do with the lawsuit? It talks about layoffs this year and a recent disparity between corporate and customer data security.

You can be negligent one year while doing fine for 4+ other years.

@PointlessPuppies

Because it'd likely go to a jury, who may magically believe it, and since there observations/knowledge were from their own direct experience it won't be considered hearsay that would be inadmissable.

@HokieKC

You don't get it, do you? If those security flaws were there for 4 years, the fact that they were laid off just weeks prior to the hack means nothing. They had plenty of time to protect the network, guess they just weren't good at it.

I doubt this lawsuit will go anywhere.

@HokieKC
Like Ashitaka said, you don't seem to understand my point. This lawsuit claims Sony was "negligent" because it fired important staff just before the breach. But PSN didn't magically become "insecure" the moment the staff left: when they were fired the network was already insecure.

Hence my doubt of the true importance of these employees. If these employees were the difference between PSN being breached and it NOT being breached, why then did they build and maintain a network as "insecure" as they allege?

@Ashitaka - Having humans look after the network and spot problems is part of securing a network. Sony fired a substantial number of those people just a few weeks before the hacks.

And doesn't that actually prove after four years of little to no problems these people may have actually helped security since the second they were gone one of the largest hacks in history occurred.

@HokieKC

lol You're speaking of sony employees and hackers as if it's a game of space invaders and the moment sony laid them off, there were no more ships shooting the invaders in the face.

It was just a coincidence. If those who built the network in the first place and those who managed it for years didn't correct its vulnerabilities in 4 years, I'm sure they weren't going to do it in the weeks between them being fired and the hacking.

@HokieKC
Are you just going to repeat the same thing over and over again?

What part of this don't you understand? PSN was just as secure the day they fired them as it was the day before. They weren't going to stop the hack in the first place because guess what? The network they left behind was the network they worked on for FOUR years, and the network that was hacked a few days later.

@PointlessPuppies
They layoff was SOE at end of March when they closed three studios and stopped producing the Agency. I think this is just linear thinking that tries to establish direct relationships between events through a single variable, in this case time.

I don't see what throwing firewalls in accomplishes, that's like the Hollywood perception of network security. What happened to being secure BY DESIGN?

@Raffi256

This. So much.

To me, this reeks of employees being bitter after being laid-off. I honestly don't even care anymore. What's over is over, I got my free grab bag and my service back. Now I just want them to hurry up and crank out The Last Guardian and a few other anticipated first party titles. Might be a little easier if they weren't in court all the damn time.

For the record, Sony is in court most of the time because they're the ones doing the suing.

Anyone remember Lik-Sang? The GeoHot stuff? And that's just SCEA. Sony as a whole, including their music and movie divisions, basically lives in court.

@Brett from Atlanta

can i get an AMEN!

@Horsebird

How is Microsoft any different? Microsoft has even been sued by S Korea and European Union. They've been sued for everything from patient infringement to anti-trust violations. Here is just one of many random examples: http://blog.seattlepi.com/microsoft/2006/09/15/this-week-in-microsoft-lawsuits/

@Cleebo2318
nope.pdf

@Lucky48
The earth. That's not a hard connection to make.

But it is a god awful logo.

Why is the PSN logo up there instead of SOE? From what I understand they are separate entities. Sounds like they got fired for not doing their jobs well. For their sake hope they didn't leak any info before the hacks began.
On another note, Joystiq may not be reporting on this but the shit is hitting the fan on the hackers side of things. Lulzsec got hacked by it's peers, the FBI in England questioning a member of lulzsec after his house got raided for hacking, etc. Things are heating up.

@Metalfacedoom / wat, where do you get the idea they were fired for not doing their jobs well?

@Lucky48 It looks like they were going for a Playstation World image.

Or they just happen to fail to metion the fact that SCEA was transitioning ALL NETWORK SERVICES to SNEA for them to handle all of the network systems. This switch happened on april first, and the attack happened there about april 19. plenty of time for someone made redundant by the switch to get revenge.

| 1 | 2 | Most Recent | Next 50 Comments

Class action lawsuit alleges Sony layoffs made PSN vulnerable

Reader Comments (81)

Posted: Jun 24th 2011 2:23PM Johnnynumber5 is powered by cell said

Posted: Jun 24th 2011 2:30PM BPMOmega XBL PSN Steam said

Posted: Jun 24th 2011 2:30PM MarkezJM said

Posted: Jun 24th 2011 2:32PM BPMOmega XBL PSN Steam said

Posted: Jun 24th 2011 3:32PM (Unverified) said

Posted: Jun 24th 2011 3:39PM LexStewther said

Posted: Jun 24th 2011 3:50PM Johnnynumber5 is powered by cell said

Posted: Jun 24th 2011 8:21PM pandaSmore said

Posted: Jun 24th 2011 8:47PM Co said

Posted: Jun 24th 2011 10:36PM ruibing said

Posted: Jun 25th 2011 7:12PM Johnnynumber5 is powered by cell said

Posted: Jun 24th 2011 2:25PM Faceless Troll said

Posted: Jun 24th 2011 2:26PM HokieKC said

Posted: Jun 24th 2011 2:35PM KGameLover1 said

Posted: Jun 24th 2011 2:50PM PointlessPuppies said

Posted: Jun 24th 2011 2:59PM HokieKC said

Posted: Jun 24th 2011 3:16PM liquidsoap89 said

Posted: Jun 24th 2011 3:25PM jtrjuwrue5iiejie5ijeie3i5 said

Posted: Jun 24th 2011 6:28PM DrDrew Pinsky said

Posted: Jun 24th 2011 6:34PM PR0F3TA said

Posted: Jun 24th 2011 6:35PM MiguelAMX said

Posted: Jun 24th 2011 10:38PM ruibing said

Posted: Jun 24th 2011 2:26PM Warden72 said

Posted: Jun 24th 2011 2:33PM BPMOmega XBL PSN Steam said

Posted: Jun 24th 2011 2:28PM Ezio Auditore da Firenze said

Posted: Jun 24th 2011 2:49PM TheBennettBrigade said

Posted: Jun 24th 2011 2:30PM BPMOmega XBL PSN Steam said

Posted: Jun 24th 2011 2:33PM PointlessPuppies said

Posted: Jun 24th 2011 2:41PM HokieKC said

Posted: Jun 24th 2011 2:48PM PointlessPuppies said

Posted: Jun 24th 2011 2:58PM HokieKC said

Posted: Jun 24th 2011 3:03PM MarkezJM said

Posted: Jun 24th 2011 3:11PM Ashitaka said

Posted: Jun 24th 2011 3:26PM PointlessPuppies said

Posted: Jun 24th 2011 3:27PM HokieKC said

Posted: Jun 24th 2011 3:44PM Ashitaka said

Posted: Jun 24th 2011 4:40PM PointlessPuppies said

Posted: Jun 24th 2011 10:43PM ruibing said

Posted: Jun 24th 2011 2:40PM Raffi256 said

Posted: Jun 24th 2011 9:06PM Ashitaka said

Posted: Jun 24th 2011 2:44PM Brett from Atlanta said

Posted: Jun 24th 2011 3:52PM Horsebird said

Posted: Jun 24th 2011 8:30PM PR0F3TA said

Posted: Jun 24th 2011 10:07PM Pixel Addict said

Posted: Jun 24th 2011 2:48PM Tihn said

Posted: Jun 24th 2011 2:48PM Tihn said

Posted: Jun 24th 2011 2:54PM Metalfacedoom said

Posted: Jun 24th 2011 3:00PM MarkezJM said

Posted: Jun 24th 2011 2:58PM Metalfacedoom said

Posted: Jun 24th 2011 2:58PM Einlander said

Info

Description

MSRP

Release Date

Genre

Developer

Publisher

Rating

Breaking News

WB conjures up Harry Potter for Kinect this fall

Featured Stories

Weekly Webcomic Wrapup is a stranger in a strange land

Silver Lining: I Am Alive's unfeeling world

Game Of Thrones and the paradoxes of adaptation

Engadget

TUAW

Massively

WoW