Stoppage Of Play - Arthur W. Page Society
Download
Report
Transcript Stoppage Of Play - Arthur W. Page Society
The Sony PlayStation Network Crash
AGENDA
The Crash
Company History
Gaming
PlayStation Network
Timeline of Crash
Reactions
Considerations
What’s Next?
NEWS FLASH
Pittsburgh Post-Gazette
“You probably heard about Sony’s PlayStation Network hack if you
glanced at the internet, television or even newspaper in the past
week. It was such big news even news sources like Fox News, ones
that usually reserve video game news for exaggerating the
indecencies of the latest mature title, discussed the security breach
ad nauseam.
To say the hackers did damage to Sony would be the
understatement of the year. They crippled the network, knocking it
out of commission for a little over a week, and the hackers had
access to about 77 million users personal information, including
credit card data.”
CRASH BACKGROUND
DATES: April 17-19, 2011
SITUATION: Hackers illegally access Sony PlayStation Network
& Qriocity Services which has 77 million registered users data
with over 12 million accounts containing credit card information.
PUBLIC NOTIFICATION(S):
Brief (April 22, 2011)
Formal (April 26, 2011)
FINANCIAL IMPACT: Sony shares fall by more than 5%.
Unknown amounts still need to be determined for resolving
problem and compensating consumers.
FEEDBACK: Public questions company’s security and response,
governments discuss regulatory environment, and lawsuits are
filed.
COMPANY ORIGINS
Founded in 1946 by Engineer Masaru Ibuka and
physicist Akio Morita
Company begins as Tokyo Telecommunications
Engineering Corporation named “Totsuko”
Initial products: portable radios, tape recorders,
electric rice cookers
Initial functions: build and repair electrical equipment
Enters North American market in 1950s
Sonus
Sonny Boy
(Latin word meaning
sound or sonic)
(English term denoting
youth & excitement)
Sony
Large recognizable divisions: Sony Pictures, Sony Computer
Entertainment, Sony Electronics, Sony Ericsson, Sony Music, Sony
USA
GAMING HISTORY
1980s – CD technology developed with Philips
1988 – Partnership built with Nintendo to
develop cartridge/cd gaming system called
“PlayStation”
Early 1990s – Sony & Nintendo disagree on
direction and disbands partnership
1994 – Sony releases cd-only gaming system
called the “PlayStation X”
1995 – Sony Computer Entertainment division is
created and headquartered in Sunnyvale, CA
Mid 2000s – Latest version of PlayStation called PS3 arrives with “Blu-
ray” disc technology, wireless internet access, internal storage, digital
video & audio outputs, and general navigation menu
CONSOLE GAMING MARKET
NINTENDO:
Wii Sales: $754M
Portable (DS &
3DS) Sales: $827M
SONY:
PS3 Sales: $439M
PlayStation Portable
Sales: $297M
*Please note that sales numbers only represent combined
hardware and software numbers without additional subscription
revenue, etc.
MICROSOFT:
Xbox 360 Sales -
$535M
THE PLAYSTATION NETWORK
Release
• Business Briefing Meeting 2006 in
Tokyo
• Brought on as part of PS3 news
Specifications
• Multi-player gaming, internet, & chat
• System updates; downloads and
streaming of multimedia
Registration &
Access
• Free user registration
• Access via PlayStation 3, PlayStation
Portable, or PC
Transactions
• Paid for using electronic funds
• Originally done through tickets but
now pre-paid & credit cards are okay
Users
• 77 million registered online
worldwide as of 4/30/11
TWO LONG WEEKS
4/21: Sony
retains
services of
external
security
firm.
4/19: Illegal
activity is
detected in
network.
BREACH
4/23:
Forensic
teams
confirm
advanced
attack and
notifies
public.
4/20:
Engineers
discover
intrusion
evidence
and shut
down
PSN.
4/22: Sony
provides
FBI info
and
comments
on blog
without
discussing
data loss.
TWO LONG WEEKS
4/24: Sony
continues
work with
forensics on
server
problems.
DIAGNOSIS
4/25: Global
credit card info
loss cannot be
confirmed.
4/25:
Account
details
(name,
address,
email,
password,
etc.) are
confirmed
stolen.
4/26: Kaz Hirai,
head of Sony
gaming, appears at
news conference
for tablet pc’s
without taking PSN
questions.
TWO LONG WEEKS
4/26: Sony
emails
consumers
with
detailed
hack info.
FALLOUT
4/29: Sony
refutes
claims of
2.2 million
credit card
accounts
stolen.
4/27: Shares fall
2% on news of
potential data loss
and first lawsuit
filed against
company.
4/26-4/27:
Sony begins
notifying
regulatory
entities of
breach.
4/28:
Shares
drop
4.5% in
Tokyo.
REACTION – CONSUMERS
CNN reported that “Gamers (are) fuming”
+sid4peeps: “This update is 6 days LATE. I think it is
time to move to the other network, no regard for customers
here”
+Korbei83: “If you have compromised my credit
information, you will never receive it again.
The fact that you’ve waited this long to divulge this
information to your customers is deplorable. Shame on you”
+tazinlwfl: “…I love my PS3. I really like Sony and I support
the developers 100%, but this really tests everyone’s patience.
It really tests my patience.”
REACTION – DEVELOPERS
“PSN being out
definitely affects our
bottom line… but as
long as the people who
were going to be
playing… get right back
in there playing… we’ll
be happy and hopefully
income won’t be dented
too much.” Dylan
Cuthbert, Q-Games
Developer
“Our belief is that whilst this is
terrible news… it won’t affect
the user base too much.”
Stewart Gilray, Just Add
Water
“We have our first selffunded, self-published
PSN game,… coming out
next week, so from our
point of view , the fact
that the network isn’t
available is a big
concern.” Lol Scragg,
Cohort Studios
Founder
“From my perspective,
the bigger issue is not
about PSN, but
confidence in digital
distribution generally.”
Ste Curran, Zoe
Mode Creative
Director
REACTION – GOVERNMENT
Senator Rick Blumenthal
(D-Connecticut)
Domestic
“I am concerned that PlayStation Network
users’ personal and financial information may
have been inappropriately accessed by a third
party. Compounding this concern is the
troubling lack of notification from Sony about
the nature of the data breach. Although the
breach occurred nearly a week ago, Sony has
not notified customers of the intrusion, or
provided information that is vital to allowing
individuals to protect themselves from identity
theft, such as informing users whether their
personal or financial information may have
been compromised. Nor has Sony specified
how it intends to protect these consumers.”
REACTION – GOVERNMENT
Christopher Graham
• UK’s Information Commissioner
• Researching PlayStation Hack
• Has power to fine companies ₤500,000 for
serious data breaches
Jennifer Stoddart
• Canada’s Privacy Commissioner
• Currently investigating Sony to determine
whether it has violated any privacy laws
International
LAWSUITS
“This action arises from SONY’s failure to
maintain adequate computer data security of
consumer personal data… Subsequent to the
compromise of private consumer information
and financial data, Defendant unduly delayed
or failed to inform in a timely fashion the
appropriate entities…”
Kristopher Johns v. Sony Computer
Entertainment America
“Because of Defendant’s actions, millions of
their customers have had their Financial Data,
Personal ID, and Usage Data compromised,
have had their privacy rights violated, have
been exposed to the risk of fraud and identity
theft, and have otherwise suffered damages.”
Rebecca Mitchell v. Sony Computer
Entertainment America
LAWS & REGULATIONS
Payment Card Industry – Data Security Standard (Requirements)
• Maintain a Firewall
• Restrict access to need to
• Don’t use vendor-supplied
know
default system passwords
• Assign a unique ID
• Protect cardholder data
• Restrict physical access to
• Encrypt transmission across cardholder data
open , public networks
• Track and monitor all access
• Use and update anti-virus
to network resources
software
• Regularly test security
• Maintain a policy that
systems
addresses information
• Develop and maintain secure
security
systems and applications
=> Laws vary greatly from state to state
SIMILAR SITUATIONS
SCENARIO
12/22/07 – Microsoft’s Xbox
Live service went down for 13
days due to a server crash.
03/30/11 – Epsilon discovered
that its network had been
breached
RESPONSE
Free downloadable arcade
games to members valued at
roughly over $80M
04/01/11 – Official press release
issued notifying public
ADDITIONAL
INFORMATION
01/03/08 – Microsoft was
notified that they were the
subject of a $5 Million class
action suit
Clients (Kroger, JP Morgan,
Capital One) customer data
was stolen
“…greatest risk to Epsilon and
Alliance Data is the potential
loss of clients”
WHAT NEXT?
What are the critical issues in this case? Who are the
stakeholders?
What can Sony learn from other similar scenarios?
How will Sony compensate PSN consumers for this
malfunction?
How can Sony not lose consumer confidence in
products?
How should Sony handle the regulatory environment
surrounding data theft protection?
What communications should Sony make and to whom?