Attorney claims Sony hackers selling cardholder data

Hackers involved in the breach of Sony Corp.'s online video game network are offering 2.2 million credit cards, the corresponding three-digit security verification codes and other personal information for sale on underground Internet sites, the attorney leading a class action suit against Sony said today.

Novato, Calif., lawyer Ira Rothken confirmed, "We have information that is a red flag that the folks who took the Sony data for 2.2 million credit cards with the [card verification values] and assorted personal information are offering to sell this information in criminal venues that use underworld bulletin boards."

Rothken said he has not visited any sites where the information is being offered.

In 2009 and 2010 Rothken successfully negotiated a settlement with T-Mobile USA Inc., Microsoft Corp., and Danger Inc. over a Sidekick smart phone data breach and loss of service that occurred in October 2009.

Sony under scrutiny

"The impact of this theft is multiplied by Sony's failure to inform consumers of the data breach right away," Rothken said. "Once the hackers have the information, if the breach isn't reported right away and customers don't know to change passwords and cancel credit cards, the hackers can use the information to hack customers' other e-commerce sites, doubling the damages resulting from Sony's actions."

Rothken said, based on his experience with other data breach litigation, that Sony was probably not Payment Card Industry (PCI) Data Security Standard (DSS) compliant. "I can't think of a major data breach where the company was PCI compliant," he said. "I think it is likely Sony was not PCI compliant. There were a lot of red flags that suggest Sony knew or should have known their system was vulnerable."

The FBI issued the following statement about its role in the data breach investigation: "The FBI is aware of the reports concerning the alleged intrusion into the Sony online game server, and we have been in contact with Sony concerning this matter. We are presently reviewing the available information in an effort to determine the facts and circumstances concerning this alleged criminal activity. Anyone with information concerning this matter is asked to contact the FBI at 858-565-1255 or 877-EZ-2-TELL. Cyber tips should be sent to IC3.gov.'"

Sony was contacted for a response to this alert but has not yet responded.

A copy of the complaint may be found at www.techfirm.com/storage/johnsvsony-complaint-final.pdf .

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.