Presentation on theme: "The Sony PlayStation Network Crash"— Presentation transcript:
1The Sony PlayStation Network Crash Stoppage Of PlayThe Sony PlayStation Network Crash
2AGENDA The Crash Company History Gaming PlayStation Network Timeline of CrashReactionsConsiderationsWhat’s Next?
3NEWS FLASH Pittsburgh Post-Gazette “You probably heard about Sony’s PlayStation Network hack if you glanced at the internet, television or even newspaper in the past week. It was such big news even news sources like Fox News, ones that usually reserve video game news for exaggerating the indecencies of the latest mature title, discussed the security breach ad nauseam.To say the hackers did damage to Sony would be the understatement of the year. They crippled the network, knocking it out of commission for a little over a week, and the hackers had access to about 77 million users personal information, including credit card data.”
4CRASH BACKGROUND DATES: April 17-19, 2011 SITUATION: Hackers illegally access Sony PlayStation Network & Qriocity Services which has 77 million registered users data with over 12 million accounts containing credit card information.PUBLIC NOTIFICATION(S):Brief (April 22, 2011)Formal (April 26, 2011)FINANCIAL IMPACT: Sony shares fall by more than 5%. Unknown amounts still need to be determined for resolving problem and compensating consumers.FEEDBACK: Public questions company’s security and response, governments discuss regulatory environment, and lawsuits are filed.
5COMPANY ORIGINS Sony Sonus Sonny Boy Founded in 1946 by Engineer Masaru Ibuka and physicist Akio MoritaCompany begins as Tokyo Telecommunications Engineering Corporation named “Totsuko”Initial products: portable radios, tape recorders, electric rice cookersInitial functions: build and repair electrical equipmentEnters North American market in 1950sSonus(Latin word meaningsound or sonic)Sonny Boy(English term denotingyouth & excitement)SonyLarge recognizable divisions: Sony Pictures, Sony Computer Entertainment, Sony Electronics, Sony Ericsson, Sony Music, Sony USA
6GAMING HISTORY 1980s – CD technology developed with Philips 1988 – Partnership built with Nintendo to develop cartridge/cd gaming system called “PlayStation”Early 1990s – Sony & Nintendo disagree on direction and disbands partnership1994 – Sony releases cd-only gaming system called the “PlayStation X”1995 – Sony Computer Entertainment division is created and headquartered in Sunnyvale, CANintendo PlayStation Image -Sony PlayStation (PSX) Image -Mid 2000s – Latest version of PlayStation called PS3 arrives with “Blu- ray” disc technology, wireless internet access, internal storage, digital video & audio outputs, and general navigation menu
7CONSOLE GAMING MARKET NINTENDO: SONY: MICROSOFT: Wii Sales: $754M Portable (DS & 3DS) Sales: $827MSONY:PS3 Sales: $439MPlayStation Portable Sales: $297MMICROSOFT:Xbox 360 Sales - $535MSales Totals (as of 4/30/11) -Sony PS3 Image - https://s3.amazonaws.com/luuux-original-files/bookmarklet_uploaded/ _ _1-Fotos-de--Playstation-3-Slim-120GB-SONY-PS jpgNintendo Image -Xbox Image -*Please note that sales numbers only represent combined hardware and software numbers without additional subscription revenue, etc.
8THE PLAYSTATION NETWORK Business Briefing Meeting 2006 in TokyoBrought on as part of PS3 newsReleaseMulti-player gaming, internet, & chatSystem updates; downloads and streaming of multimediaSpecificationsFree user registrationAccess via PlayStation 3, PlayStation Portable, or PCRegistration & AccessPaid for using electronic fundsOriginally done through tickets but now pre-paid & credit cards are okayTransactions77 million registered online worldwide as of 4/30/11UsersSony PSP Image -
9TWO LONG WEEKS 4/19: Illegal activity is detected in network. 4/20: Engineers discover intrusion evidence and shut down PSN.4/21: Sony retains services of external security firm.4/22: Sony provides FBI info and comments on blog without discussing data loss.4/23: Forensic teams confirm advanced attack and notifies public.BREACH
10TWO LONG WEEKS4/24: Sony continues work with forensics on server problems.4/25: Account details (name, address, , password, etc.) are confirmed stolen.4/25: Global credit card info loss cannot be confirmed.4/26: Kaz Hirai, head of Sony gaming, appears at news conference for tablet pc’s without taking PSN questions.DIAGNOSIS
11TWO LONG WEEKS 4/26: Sony emails consumers with detailed hack info. 4/26-4/27: Sony begins notifying regulatory entities of breach.4/27: Shares fall 2% on news of potential data loss and first lawsuit filed against company.4/28: Shares drop 4.5% in Tokyo.4/29: Sony refutes claims of 2.2 million credit card accounts stolen.FALLOUT
12REACTION – CONSUMERS CNN reported that “Gamers (are) fuming” +sid4peeps: “This update is 6 days LATE. I think it is time to move to the other network, no regard for customers here”+Korbei83: “If you have compromised my credit information, you will never receive it again.The fact that you’ve waited this long to divulge this information to your customers is deplorable. Shame on you”... first paragraph first law suit was filed+tazinlwfl: “…I love my PS3. I really like Sony and I support the developers 100%, but this really tests everyone’s patience. It really tests my patience.”
13REACTION – DEVELOPERS“Our belief is that whilst this is terrible news… it won’t affect the user base too much.” Stewart Gilray, Just Add Water“PSN being out definitely affects our bottom line… but as long as the people who were going to be playing… get right back in there playing… we’ll be happy and hopefully income won’t be dented too much.” Dylan Cuthbert, Q-Games Developer“From my perspective, the bigger issue is not about PSN, but confidence in digital distribution generally.” Ste Curran, Zoe Mode Creative Director“We have our first self-funded, self-published PSN game,… coming out next week, so from our point of view , the fact that the network isn’t available is a big concern.” Lol Scragg, Cohort Studios Founder
14Senator Rick Blumenthal REACTION – GOVERNMENT“I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.”Senator Rick Blumenthal(D-Connecticut)Domestic
15REACTION – GOVERNMENT Christopher Graham Jennifer Stoddart UK’s Information CommissionerResearching PlayStation HackHas power to fine companies ₤500,000 for serious data breachesJennifer StoddartCanada’s Privacy CommissionerCurrently investigating Sony to determine whether it has violated any privacy lawsInternational
16LAWSUITS“This action arises from SONY’s failure to maintain adequate computer data security of consumer personal data… Subsequent to the compromise of private consumer information and financial data, Defendant unduly delayed or failed to inform in a timely fashion the appropriate entities…”Kristopher Johns v. Sony Computer Entertainment America“Because of Defendant’s actions, millions of their customers have had their Financial Data, Personal ID, and Usage Data compromised, have had their privacy rights violated, have been exposed to the risk of fraud and identity theft, and have otherwise suffered damages.”Rebecca Mitchell v. Sony Computer Entertainment America
17LAWS & REGULATIONSPayment Card Industry – Data Security Standard (Requirements)Maintain a FirewallDon’t use vendor-supplied default system passwordsProtect cardholder dataEncrypt transmission across open , public networksUse and update anti-virus softwareMaintain a policy that addresses information securityRestrict access to need to knowAssign a unique IDRestrict physical access to cardholder dataTrack and monitor all access to network resourcesRegularly test security systemsDevelop and maintain secure systems and applications=> Laws vary greatly from state to state
18ADDITIONAL INFORMATION SIMILAR SITUATIONSSCENARIO12/22/07 – Microsoft’s Xbox Live service went down for 13 days due to a server crash.03/30/11 – Epsilon discovered that its network had been breachedRESPONSEFree downloadable arcade games to members valued at roughly over $80M04/01/11 – Official press release issued notifying publicADDITIONAL INFORMATION01/03/08 – Microsoft was notified that they were the subject of a $5 Million class action suitClients (Kroger, JP Morgan, Capital One) customer data was stolen“…greatest risk to Epsilon and Alliance Data is the potential loss of clients”Shows that the price of the XBLA game Undertow at the time was $10In the month before the incident there were over $8Million users. Assuming that every user downloaded the game or were compensated for their purchase, it meant a potential loss of revenue to Microsoft in excess of $80 Million probably more because the cause of the downtime seemed to be that an extremely large number of players tried to sign up and use the service during the holidays$5 Million Class Action SuitSays that the largest impact will be due to the loss in trust from its customers (Source for Quote)
19WHAT NEXT?What are the critical issues in this case? Who are the stakeholders?What can Sony learn from other similar scenarios?How will Sony compensate PSN consumers for this malfunction?How can Sony not lose consumer confidence in products?How should Sony handle the regulatory environment surrounding data theft protection?What communications should Sony make and to whom?