Presentation on theme: "The Sony PlayStation Network Crash. AGENDA The Crash Company History Gaming PlayStation Network Timeline of Crash Reactions Considerations Whats Next?"— Presentation transcript:
The Sony PlayStation Network Crash
AGENDA The Crash Company History Gaming PlayStation Network Timeline of Crash Reactions Considerations Whats Next?
Pittsburgh Post-Gazette You probably heard about Sonys PlayStation Network hack if you glanced at the internet, television or even newspaper in the past week. It was such big news even news sources like Fox News, ones that usually reserve video game news for exaggerating the indecencies of the latest mature title, discussed the security breach ad nauseam. To say the hackers did damage to Sony would be the understatement of the year. They crippled the network, knocking it out of commission for a little over a week, and the hackers had access to about 77 million users personal information, including credit card data. NEWS FLASH
CRASH BACKGROUND DATES: April 17-19, 2011 SITUATION: Hackers illegally access Sony PlayStation Network & Qriocity Services which has 77 million registered users data with over 12 million accounts containing credit card information. PUBLIC NOTIFICATION(S): Brief (April 22, 2011) Formal (April 26, 2011) FINANCIAL IMPACT: Sony shares fall by more than 5%. Unknown amounts still need to be determined for resolving problem and compensating consumers. FEEDBACK: Public questions companys security and response, governments discuss regulatory environment, and lawsuits are filed.
COMPANY ORIGINS Founded in 1946 by Engineer Masaru Ibuka and physicist Akio Morita Company begins as Tokyo Telecommunications Engineering Corporation named Totsuko Initial products: portable radios, tape recorders, electric rice cookers Initial functions: build and repair electrical equipment Enters North American market in 1950s Sonus (Latin word meaning sound or sonic) Sonny Boy (English term denoting youth & excitement) Sony Large recognizable divisions: Sony Pictures, Sony Computer Entertainment, Sony Electronics, Sony Ericsson, Sony Music, Sony USA
1980s – CD technology developed with Philips 1988 – Partnership built with Nintendo to develop cartridge/cd gaming system called PlayStation Early 1990s – Sony & Nintendo disagree on direction and disbands partnership 1994 – Sony releases cd-only gaming system called the PlayStation X 1995 – Sony Computer Entertainment division is created and headquartered in Sunnyvale, CA Mid 2000s – Latest version of PlayStation called PS3 arrives with Blu- ray disc technology, wireless internet access, internal storage, digital video & audio outputs, and general navigation menu GAMING HISTORY
SONY: PS3 Sales: $439M PlayStation Portable Sales: $297M NINTENDO: Wii Sales: $754M Portable (DS & 3DS) Sales: $827M MICROSOFT: Xbox 360 Sales - $535M *Please note that sales numbers only represent combined hardware and software numbers without additional subscription revenue, etc. CONSOLE GAMING MARKET
Business Briefing Meeting 2006 in Tokyo Brought on as part of PS3 news Release Multi-player gaming, internet, & chat System updates; downloads and streaming of multimedia Specifications Free user registration Access via PlayStation 3, PlayStation Portable, or PC Registration & Access Paid for using electronic funds Originally done through tickets but now pre-paid & credit cards are okay Transactions 77 million registered online worldwide as of 4/30/11 Users THE PLAYSTATION NETWORK
4/19: Illegal activity is detected in network. 4/20: Engineers discover intrusion evidence and shut down PSN. 4/21: Sony retains services of external security firm. 4/22: Sony provides FBI info and comments on blog without discussing data loss. 4/23: Forensic teams confirm advanced attack and notifies public. TWO LONG WEEKS BREACH
4/24: Sony continues work with forensics on server problems. 4/25: Account details (name, address, , password, etc.) are confirmed stolen. 4/25: Global credit card info loss cannot be confirmed. 4/26: Kaz Hirai, head of Sony gaming, appears at news conference for tablet pcs without taking PSN questions. DIAGNOSIS TWO LONG WEEKS
4/26: Sony s consumers with detailed hack info. 4/26-4/27: Sony begins notifying regulatory entities of breach. 4/27: Shares fall 2% on news of potential data loss and first lawsuit filed against company. 4/28: Shares drop 4.5% in Tokyo. 4/29: Sony refutes claims of 2.2 million credit card accounts stolen. TWO LONG WEEKS FALLOUT
CNN reported that Gamers (are) fuming +sid4peeps: This update is 6 days LATE. I think it is time to move to the other network, no regard for customers here +Korbei83: If you have compromised my credit information, you will never receive it again. The fact that youve waited this long to divulge this information to your customers is deplorable. Shame on you +tazinlwfl: …I love my PS3. I really like Sony and I support the developers 100%, but this really tests everyones patience. It really tests my patience. REACTION – CONSUMERS
PSN being out definitely affects our bottom line… but as long as the people who were going to be playing… get right back in there playing… well be happy and hopefully income wont be dented too much. Dylan Cuthbert, Q-Games Developer Our belief is that whilst this is terrible news… it wont affect the user base too much. Stewart Gilray, Just Add Water From my perspective, the bigger issue is not about PSN, but confidence in digital distribution generally. Ste Curran, Zoe Mode Creative Director We have our first self- funded, self-published PSN game,… coming out next week, so from our point of view, the fact that the network isnt available is a big concern. Lol Scragg, Cohort Studios Founder REACTION – DEVELOPERS
Senator Rick Blumenthal (D-Connecticut) I am concerned that PlayStation Network users personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers. Domestic REACTION – GOVERNMENT
Christopher Graham UKs Information Commissioner Researching PlayStation Hack Has power to fine companies 500,000 for serious data breaches Jennifer Stoddart Canadas Privacy Commissioner Currently investigating Sony to determine whether it has violated any privacy laws International REACTION – GOVERNMENT
This action arises from SONYs failure to maintain adequate computer data security of consumer personal data… Subsequent to the compromise of private consumer information and financial data, Defendant unduly delayed or failed to inform in a timely fashion the appropriate entities… Kristopher Johns v. Sony Computer Entertainment America Because of Defendants actions, millions of their customers have had their Financial Data, Personal ID, and Usage Data compromised, have had their privacy rights violated, have been exposed to the risk of fraud and identity theft, and have otherwise suffered damages. Rebecca Mitchell v. Sony Computer Entertainment America LAWSUITS
Payment Card Industry – Data Security Standard (Requirements) LAWS & REGULATIONS Maintain a Firewall Dont use vendor-supplied default system passwords Protect cardholder data Encrypt transmission across open, public networks Use and update anti-virus software Maintain a policy that addresses information security Restrict access to need to know Assign a unique ID Restrict physical access to cardholder data Track and monitor all access to network resources Regularly test security systems Develop and maintain secure systems and applications => Laws vary greatly from state to state
SCENARIO 12/22/07 – Microsofts Xbox Live service went down for 13 days due to a server crash. 03/30/11 – Epsilon discovered that its network had been breached RESPONSE Free downloadable arcade games to members valued at roughly over $80M 04/01/11 – Official press release issued notifying public ADDITIONAL INFORMATION 01/03/08 – Microsoft was notified that they were the subject of a $5 Million class action suit Clients (Kroger, JP Morgan, Capital One) customer data was stolen …greatest risk to Epsilon and Alliance Data is the potential loss of clients SIMILAR SITUATIONS
What are the critical issues in this case? Who are the stakeholders? What can Sony learn from other similar scenarios? How will Sony compensate PSN consumers for this malfunction? How can Sony not lose consumer confidence in products? How should Sony handle the regulatory environment surrounding data theft protection? What communications should Sony make and to whom? WHAT NEXT?