Sony offers games as part of $15m Playstation Network breach settlement
Sony has offered gamers digital goods as part of a $15m settlement in the 2011 PlayStation Network (PSN) data breach case.
In April 2011, the Japanese electronics firm discovered an external intrusion which prompted it to shut PSN down for several weeks.
The company later revealed that the PlayStation Network, the Qriocity music-streaming service (now called Music Unlimited) and the Sony Online Entertainment (SOE) subscription service had been hacked, resulting in the compromise of user data including names, addresses, and possibly even credit card details of 77 million PSN customers.
Many gamers responded by filing individual lawsuits against the company which were later combined into a class-action suit.
In an attempt to avoid the costs associated with a lengthy court case, Sony has now proposed a settlement which offers virtual goodies and even cash for some, but no admission of responsibility.
In a written statement given to Polygon, Sony said:
A proposed settlement has been reached in the class action lawsuits arising from the April 2011 criminal cyber-attacks on the PlayStation Network, Qriocity, and Sony Online Entertainment services. Information regarding the proposed settlement, which is subject to final approval by the Court, is available in the settlement agreement and other documents filed with the Court.
While we continue to deny the allegations in the class action lawsuits, most of which had been previously dismissed by the trial court, we decided to move forward with a settlement to avoid the costs associated with lengthy litigation.
As part of the settlement, Sony has offered to compensate PSN users with one free game for the PSP or PlayStation 3 taken from a selection of 14 titles (including LittleBigPlanet, ModNation Racers, Patapon 3, Killzone Liberation, Dead Nation, inFamous, LittleBigPlanet and Super Stardust HD).
Additionally, free subscriptions to the PlayStation Plus service and Music Unlimited, SOE Station cash and free PS3 themes may also be made available.
The settlement offered to each gamer will vary according to whether or not they had previously taken advantage of the company’s “Welcome Back” game offer that was made available in 2011 after the PlayStation Network was first brought back online.
Claimants who previously took advantage of the Welcome Back offer could be compensated with one additional free game, theme or PS Plus benefit but Sony’s offer is subject to a $4m cap which would see gamers benefit on a strictly first-come, first-served basis.
Likewise, a $6m cap will apply for those who didn’t enter the Welcome Back program. Subject to the cap being reached, eligible gamers could claim two benefits from a selection of PS3 or PGP games, a selection of PlayStation 3 themes or a free three-month subscription to PlayStation Plus.
Users of Sony’s Qriocity music streaming service, who did not have a PSN account at the time of the breach, will be eligible to receive one free month of Music Unlimited service.
SOE claimants will be eligible to receive $4.50 worth of “station cash” which will be credited to their account.
Finally, Sony customers who can prove both that their identity was stolen as part of the hack, and that financial damage was caused as a result, can claim up to $2,500 in damages. Sony has seemingly pre-empted such claims though, telling Polygon that it had received no “confirmed reports of identity theft linked to the attacks, and there is no evidence that anyone’s credit card information was accessed.”
Given the fact that the proposed settlement from Sony primarily involves virtual goods, all produced by Sony itself, I think it is clear that the actual cost of remediation will be nowhere near 15 million real dollars.
The settlement, which has yet to be approved by a judge, is only offered to US residents.
Other countries have already taken Sony to task in other ways, such as in the UK where the Information Commissioner’s Office (ICO) imposed the maximum possible fine of £250,000 ($424,500) for a “serious breach of the Data Protection Act.”
The final hearing, set to determine whether or not Sony’s proposal is fair, has been scheduled for 1 May 2015.
Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/hk4g2tX7OAc/