• Yesterday it was announced officially by Sony that some darn hacker(s) may or may not have managed to creep in their system and run away with 77 MILLION peoples account details including passwords & credit card details. This has caused a massive poop-storm with sceners and fanboys alike calling for answers but mainly for Sony’s head on a pike.

    Well just as you think it couldn’t get any worse for Sony, it has been rumored that Sony may be trying to get out of being held responsible for this total blunder using their own PSN T&C as a escape clause HOWEVER the “ICO” (A UK Information Rights Body) has decreed that if the user-data was held on servers within the UK then Sony may face a £500,000 fine to add to the bill.

    To quote from MCVUK News:

    It has emerged that part of Sony’s PSN terms and conditions claim that the company is not liable for any loss of user data!

    “We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network,” the terms state.

    However, speaking to Edge, the Information Commissioners Office (ICO) claims that Sony is accountable to stipulations outlined in the UK Data Protection Act which says that companies are obligated to keep users’ details secure.
    “While we are unable to say where the data is being stored at present, if it was in the UK, this clause would not free them from their obligations under the UK Data Protection Act,” ICO stated.
    “If we found a breach, one of the actions we could take would be to issue an undertaking, which is an agreement between the ICO and the company that if they are handling personal information they have to bring about set improvements in order for them to be compliant with the act.
    “If the company is not compliant with the act within a certain time limit, further action would be taken and we might consider an enforcement notice or issue a monetary penalty.
    “For serious breaches of the act, we can issue a monetary penalty up to £500,000.”

    Tags: , ,

    Discuss in Forums (45)


  • 45 Comments

    1. AizenSousuke
      04-27-2011
      10:06 AM
      1

      What the... this is so unfair..

      So this is what it means by:

      "The Law cannot protect people"

    2. DaveOMac
      04-27-2011
      10:09 AM
      2

      It has also been published by Edge too you can read their news blog here:
      http://www.next-gen.biz/news/sony-tc...-for-data-loss

    3. whiteice
      04-27-2011
      10:11 AM
      3

      Wtf they should of had it encrypted in the first place, if they handle our data like they do its no wonder why the ps3 was hacked in the first place lol

    4. Fulaeetoy
      04-27-2011
      10:19 AM
      4

      That's why PSN is free.


      ____________________________________

    5. japsander
      04-27-2011
      10:22 AM
      5

      i wondoer what other reason they had to quickly silence devs who could uncover this??
      instead of silencing smarter people, they should listen!
      i hope sony stored uk data in uk servers. they need to be punished for this.

      all new cfw pups should come with an EULA stating that by the console accepting the pup without modifications, sony agree this is an authorised update and can not hold us responsible for anything thereafter. after all, if its in the EULA its ok right?

      what does the EULA say in regards to the way they handle our private data? if they break it then how can they use it as a means out of liability?

    6. onenut
      04-27-2011
      10:24 AM
      6

      wow, see what happens when Sony ****s with the wrong people
      bend over Sony it's your turn to get ****ed up the ass mother ****ers
      lol

    7. Annelies
      04-27-2011
      10:25 AM
      7

      Originally Posted by Fulaeetoy
      That's why PSN is free.


      ____________________________________
      You act as if the same thing can't happen to Xbox LIVE.

    8. jedinova
      04-27-2011
      10:29 AM
      8

      when they said data lose i thought they ment game data

    9. tech3475
      04-27-2011
      10:29 AM
      9

      You know, this situation is so ****ed up I don't know where to begin.

      If it wasn't for my PSN+ subscription I would seriously consider selling the console.

    10. HiRolliN
      04-27-2011
      10:35 AM
      10

      wow this whole situation spiraled outta control quickly.

    11. Joel
      04-27-2011
      10:37 AM
      11

      I hope Sony pays for this, they can't keep hiding behind the TOS to get away with everything.

    12. Pockets69
      04-27-2011
      10:42 AM
      12

      Can someone send those ICO guys the PDF that explained all the security flaws on PSN? Please?!

    13. japsander
      04-27-2011
      10:43 AM
      13

      sonys eula in short

      "by accepting this eula, you accept that we will have no liability for anything we do, no matter how retarded, irresponsible or failing of the epic variety. to accept this eula, simply look away. to decline you do not have to do anything. just carry on looking at this eula until you are ready to look away"

    14. Rax909
      04-27-2011
      10:45 AM
      14

      Wow Sony is behind the entire hack. Unless you can come up with a realistic reason why they are trying to get away with not being blamed? I mean seriously it makes them sound just as guilty as the hackers. Infact in my eyes they are.

    15. Wolfie708
      04-27-2011
      10:47 AM
      15

      Am I reading it wrong????

      To me it says that if security is found to be poor they will be pushed to improve it in a given time (good copt out) and if they don't they may be fined?

      It does not in any way say they are going to be punished for how it stands now?

      “If we found a breach, one of the actions we could take would be to issue an undertaking, which is an agreement between the ICO and the company that if they are handling personal information they have to bring about set improvements in order for them to be compliant with the act.
      “If the company is not compliant with the act within a certain time limit, further action would be taken and we might consider an enforcement notice or issue a monetary penalty.
      “For serious breaches of the act, we can issue a monetary penalty up to �500,000.”

    16. tman420
      04-27-2011
      10:53 AM
      16

      $ony was behind the attack that is why it says may or may not have been taken. Now that they have to pay for trying to make hackers look bad they want to say oh we didnt do **** hahahhahahahahhaha F U Sony you really managed to piss off all of your customers this time lol

    17. japsander
      04-27-2011
      11:04 AM
      17

      how the hell do the encryption keys posted on a website that hold no personal data take legal priority over the details of 70+ million credit card/ bank accounts that they send over the network with no basic common sense security?



      sonys idea of security??

    18. BobbyBlunt
      04-27-2011
      11:22 AM
      18

      First off all their so called engineers need to go back to college and take another class in network security. Second I would like to see that bullsh** terms of service hold up in court considering that the piss poor security has let 77 million accounts out into someone else's hands. Good job Sony you have pissed off all of your customers, modders and legit users alike. Well that made my determination. I sold one system and I was thing about making the other legit for when PSN comes back up, but the hell with them. I guess I am missing out on SOCOM, Infamous 2, and Uncharted 3.

    19. DamMan1900
      04-27-2011
      11:26 AM
      19

      ITS NOT MY FAULT WHEN U DONT SEE MY MONEY EVER AGAIN. I wonder how long they can live when say 1/4th of they consumers tell them to shove there products up there azz.

    20. KillerBug
      04-27-2011
      11:30 AM
      20

      �For serious breaches of the act, we can issue a monetary penalty up to �500,000.�

      It sounds like sony is going to get a slap on the wrist fine...that might be a lot of money to ordinary people...but it isn't even detectable on a multinational corporate bottom line. It isn't worth going through the things they want them to go through...easier to just pay the fine.

      Anyway, isn't the data loss not really the issue? I mean, this kind of thing happens all the time...usually not as big, but it does happen. The real problem is that they waited somewhere between 5-7 days to tell people about it after the knew...they are practically accomplices to any theft that occurs because of that delay.

    21. BobbyBlunt
      04-27-2011
      11:34 AM
      21

      Originally Posted by japsander
      sonys eula in short

      "by accepting this eula, you accept that we will have no liability for anything we do, no matter how retarded, irresponsible or failing of the epic variety. to accept this eula, simply look away. to decline you do not have to do anything. just carry on looking at this eula until you are ready to look away"
      Isn't that about the truth.

    22. DaveOMac
      04-27-2011
      11:44 AM
      22

      Originally Posted by Wolfie708
      Am I reading it wrong????

      To me it says that if security is found to be poor they will be pushed to improve it in a given time (good copt out) and if they don't they may be fined?

      It does not in any way say they are going to be punished for how it stands now?

      [/B]
      You are reading it right, usually when ICO get involved they will get there little technicians to ripped their flawed system apart and then give recommendations on what needs to be done. The business is then give x amount of days to bring their system up-to "code", if they do then they no-harm no-foul sign a piece of paper and thats the end of it. If the company tries to patch its flaws but does it in a cheap-arse manner, then usually the are given an extension or if case of pure incompentance then they are fined.

      However in the case of Sony who should KNOW better they may do this differently.

      Now the key word in this article is IF there was user-data held in the UK. If it turns out that all PSN user data is held in USA or JAPAN or wherever and Sony proves this. The ICO can not continue any further (So note Sony if you did have userdata in UK quickly move it while no-one is looking!)

    23. riskyblam69
      04-27-2011
      11:46 AM
      23

      Seriously sony u complete an utter tards if u hadnt taken away linux in the first place none of this would have happened ! U deserve the intrusion regards !

    24. shogrran
      04-27-2011
      11:51 AM
      24

      karma is digital

    25. bigo93
      04-27-2011
      11:53 AM
      25

      Suddenly all UK PSN servers disappear in a puff of smoke, or as some call it arson.

      If Sony claim no data was stored in the UK that means they get away with the �500,000 fine. I think that's unfair, if they are dealing with UK consumers they must follow UK laws, no matter where their servers are! And are the ICO going to spent time checking to see if UK PS3s connected to UK servers?

      We need to find out ourselves where the servers are located. They can easily build servers in France and then say they were always located there.


      I hope this also leads to new regulations concerning EULA and ToS. Fact is even though we bought a gaming console we are forced to update to newer firmwares and agree to their ToS in order to play newer games! It's basically holding you to ransom, dont agree with us then dont play new games and let your PS3 be a paperweight.

    26. DaveOMac
      04-27-2011
      12:02 PM
      26

      The ICO are only an independent authority based in the UK but these guys take every case seriously and have repremanded the NHS and quite a few of the British Government Bodies.

      They have asked Sony nicely to provide them with details on the breach and their security at that time, they have also asked for detailed technicial specifications on the new "PSN 2.0". If Sony refuse to devulge this information, the ICO will ask again nicely and if still Sony will not play ball they will slap them with a breach of the Data Protection Act, The Freedom of Information act and whatever else they hold in their arsenal.

      They will also investigate it externally too, if Sony were to deny that userdata was held in the UK when indeed it was. Hell hath no fury like the ICO being d1cked around.

    27. dave4321
      04-27-2011
      12:12 PM
      27

      Do you honestly think the banks and credit card companys will take the fall for sony not protecting cc details .......i doubt it ......if they get influx and people saying it could have been the psn network ........ the banks and cc companys will seek damages from sony ...they wont get away with it !!

    28. richardrpg
      04-27-2011
      12:21 PM
      28

      7pm South Africa, Tv News.. 'Sony Playstation have admitted hackers have stolen data from PSN' At least news of Sony's stuff up is now mainstream. If its on the news in my country it should be all over Europe & USA. The report is obviously biased in Sony's favour but at least more people know now.

    29. liljonatl
      04-27-2011
      12:58 PM
      29

      they just changed there owner info and u had to agree to the new terms if you did not they said they would close your account and refund your money awhile back. so is my info leaked ? and if so why i did not agree to the new terms ? did they not deleted all my info? any news on that would be helpful.
      And if they did not they would not be following there on protocol correct that would. They would be reliable at that point in time since they said they are not reliable for loss of network and information correct ?


      "On April 1, 2011, Sony Computer
      Entertainment America LLC (�SCEA�)
      will transfer its online services
      operations, including your wallet
      and the funds in it, to Sony Network
      Entertainment America Inc. (�SNEA�).
      The first time you sign in to your
      Sony Online Services account on or
      after April 1, you will be asked to
      enter into a new Terms of Service and
      User Agreement with SNEA. If you do
      not wish to enter into a contract with
      SNEA, you may decline the terms of
      service and we will close your account(s)
      and return your funds. You can preview
      the new Terms of Service and User
      Agreement with SNEA at:"

    30. Schnippshly
      04-27-2011
      03:21 PM
      30

      "Being on the PSN is a privilege, not a right. If you decide to stay on a custom firmware, you lose that privilege."
      "Uh-oh, we lost the personal information of every single person, CFW user or not, to hackers... Um... Well it's your own fault for signing onto PSN, PSN is your responsibility, not ours!"

    31. systematic
      04-27-2011
      03:28 PM
      31

      Originally Posted by Fulaeetoy
      That's why PSN is free.


      ____________________________________
      I dont follow, online banking is free so is bill paying for most utilities. I dont understand what that it has to do with security.

    32. Schnippshly
      04-27-2011
      03:37 PM
      32

      Originally Posted by Fulaeetoy
      That's why PSN is free.
      XBOX 360 is the only console that charges to play online. You can play PC, Wii or NDS games online and not worry about losing your personal info due to the people handling it being mind-blowingly incompetent.

    33. Pockets69
      04-27-2011
      03:46 PM
      33

      Originally Posted by Sony
      It's not our fault
      I give you that sony, its not your fault, its ours from trusting you!

    34. tryp
      04-27-2011
      04:04 PM
      34

      "That's why PSN is free."

      Unless, like me, you paid for Playstation Plus.

      Done with my cig, back to MK now..damn I wish the 360's pad didn't suck for fighters, that'd have been $60 towards the xbox instead of the ps3.

    35. blackmath
      04-27-2011
      04:57 PM
      35

      This is the wrong stand for them to take on this. You'd have to be b@tsh!t crazy to trust them with your info after this fiasco. I have no intention on buying anything from them PSN as long as they take this careless attitude about security.

    36. japsander
      04-27-2011
      05:00 PM
      36

      think yourselves lucky that sony do not run a babysitting, bodyguard, witnes protection programme. thats all i can say.

    37. republicano
      04-27-2011
      05:03 PM
      37

      sony can be responsible for negligence but its the users choice to agree on the terms of the contract, its for free and users didnt have to give any consideration in return,so you cant blame sony, they were hacked, they didnt give out the information voluntarily.

    38. japsander
      04-27-2011
      05:25 PM
      38

      Originally Posted by republicano
      sony can be responsible for negligence but its the users choice to agree on the terms of the contract, its for free and users didnt have to give any consideration in return,so you cant blame sony, they were hacked, they didnt give out the information voluntarily.
      if it was free, you would never have given your details would you?
      the psn free service is fine but as a retailer they failed on their responsibilities. do you sign a contract when you buy anything in a shop? what would you say if they copied every detail on your card (including the 3 digit security code that they have no right/need to ever see) and then wrote it in a book in an unlocked case?

      they had a legal obligation to ensure safety of private data.
      they did not encrypt it, WHY?
      they stored the 3 digit security code, WHY?
      they stored it in plain text, WHY?
      when you "deleted" billing info they did not remove it, WHY?

      there is no excuse for this. they also knew about the vulnerability and did nothing to prevent it. they spent too much tyime and resources trying to silence the people that would uncover their incompetence.

      where in the contract (what contract?) does it say they will do nothing to secure your data and you are at risk because of this? legally you need to be informed of any risks involved.

    39. BobbyBlunt
      04-27-2011
      06:19 PM
      39

      A lawsuit has been mentioned and as people have brought up what good would it do? Well with millions worldwide in a class action lawsuit involving many countries I really don't think Sony would stand a chance. The ToS means nothing. This is criminal neglect of personal information. I have contacted a lawyer and we talked for a while about the whole situation amd he also stated that Sony's terms mean nothing if they break the law. In my opinion the fanboys that keep coming to this site flaming us should be thanking us that we pointed out these flaws months ago. We were never what Sony should have been scared of. They should've listened to the warnings of several intelligent people and stopped being so arrogant.

    40. RoxasDe
      04-27-2011
      06:49 PM
      40

      Originally Posted by Fulaeetoy
      That's why PSN is free.


      ____________________________________
      Nope. That is not why it's free.

    41. republicano
      04-27-2011
      06:57 PM
      41

      Originally Posted by japsander
      if it was free, you would never have given your details would you? etc etc,.....
      i have never been on psn because i couldn't agree to their terms,
      i would read contracts given when i purchased products since im bound to them when i use it which isnt far.

      im not 100% aware of their security, but to my knowledge everything can be hacked (thanks about informing the security code/info)
      if they knew about weak security and didnt tell customers about it then THEY WILL take responsibility but its also the peoples responsibility to know about the dangers of sending personal info online, once its out there its too late.

      we all know sony by now and we support sony by buying their products if you dont like their operations then go to their competitors, which will force sony to up their management.
      im a sony customer but i only wanted their hardware/Linux

      i dont mean to offend the people effected but it seems like the only way to bring down monopolies/fascism is with hacking since the majority blindly follow which gives them the power.

    42. lernatix
      04-27-2011
      07:52 PM
      42

      Que the Benny Hill music...

    43. tryp
      04-29-2011
      02:51 PM
      43

      I guess I'm not clicking any more ToS agreements...have to find a way to hack around them. I wouldn't want to be sewed together mouth to butthole with other people and forced to become the "Human Centistation"....yeah some of you won't get that, oh well.

    44. Wolfie708
      04-29-2011
      02:56 PM
      44

      Originally Posted by tryp
      I guess I'm not clicking any more ToS agreements...have to find a way to hack around them. I wouldn't want to be sewed together mouth to butthole with other people and forced to become the "Human Centistation"....yeah some of you won't get that, oh well.
      That film was soooooooooooooooo sick and twisted........ Well actually the actual film is comical, but the storyline turned my stomach.

    45. tryp
      04-29-2011
      03:02 PM
      45

      Wolfie-watch the new South Park episode - "Human CentiPad".. They're targeting Apple here, but this entire episode is pretty much entirely relevant to the Sony situation, especially with the ToS bit, just replace the name "Apple" with the name "Sony" Still a great parody of the original movie as well hehe.