Is it common practice to encrypt users data such as name and adress on an already protected server? I cant think of any company that actually does that, including the company I work for and the one I work with before. With that said, maybe we should pass a law that requires companies to do so, im all for more protection, feel free to point me to a source if this is already required.

no it isnt a law because you can find that information through fb accounts that people willingly post on anyway

There seems to be some common misconceptions floating around. It seems the credit card information
is transferred unencrypted at the moment somebody tranfers data to/from PSN. However, the credit card information on the server side is stored encrypted. So the russian hackers got plain text user information and encrypted credit card information. As you wrote above, this is the usual mix of data any company uses. All this whining "My card was charged recently, I want to sue Sony" is typical of American behaviour of trying to make a fast buck, and I sincerely hope all those lawsuits will be going nowhere and will backfire.

Incidentally, a large German online company has just issued a warning to all its users that their database was recently compromised and sensitive cc data might have been stolen. So this seems like a concerted effort by professional hackers (indications point to Russia/far East at the moment) not solely pointed towards Sony.

Does anyone else think Sony have got a plan??

my theory is that Sony have waited 9 days to tell us our personal information has been hacked for a reason.

that reason is during those nine days the hackers have been operating under a sense of security; so these hackers have been oblivious to Sony knowing about the system being hacked.

all these hackers have known for the last 9 days is that Sony has been 'undergoing PSN maintainence'.

does anyone think that this is why Sony have waited until now to notify us, since during the last 9 days, they've had a period where the hackers have been unaware they are being tracked.

imo this is the only good reason i can find that Sony has waited this long to let us know. in which case i think that is acceptable.

Just got some phishing email about facebook detecting spam from my account and wanting me to open an email attachment, and I almost never get phishing emails.  Coincidence?  Maybe, but it happens so seldom for me that it's hard not to correlate that to what's been happening so far.

so they will lie to their share holders and consumers? both of which they depend on and NEED to survive

you where in the Sony stuffz teh channel crowed weren't you *face palm*

You said Sony should have told the consumers their information may have been stolen before they knew that. That would be stupid to release that statement and then have to clarify if in fact it wasnt.

I wasnt speaking of being informed our info was stolen as being an entitlement but when a service is hacked by criminals to sue the company hosting the product, when we sign off acknowledging that not only could this have happened but its not their fault is what i was referring to as a warped sense of entitlement.

We scroll through the ToS barely anyone reads them, we play in harmony on a free PSN for years then criminals hijack it, and all of a sudden the network we have enjoyed and the ToS we have signed agreeing this day may come means squat because people want a free buck. ENTITLEMENT.

I love this thread. It's so fascinating to see who's willing to go to bat for their team.

Anyhow, it might surprise some of you to know that there seems to be a case here. Many of the plaintiff's claims are laughable (Song-Bev? CLRA? Really?), but Sony has indisputably failed in its legal duty to warn consumers of the security breach (Cal. Civ. Code sec. 1798.82., Seventh cause of action listed), and it may have had inadequate security measures in places (I don't know enough to be certain). If the plaintiffs can prove damages from this breach of duty...

*Ahem*

Cal. Civ. Code § 1798.82

"(b) Any person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person."

"Better safe than sorry." It's a simple, common-sense principle.

And they did that.

The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation.

why didnt y9ou keep reading?

AND YOU SHOULD HAVE KEPT READING LOL!

(e) For purposes of this section, “personal information” means an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:

(1) Social security number.

(2) Driver’s license number or California Identification Card number.

(3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

(4) Medical information.

(5) Health insurance information.

So basically this law doesnt pertain to the case. This doesnt consider that personal information