We've now entered week two of Sony's PlayStation Network being down. And with word from the company that personal data from millions of users may have been compromised, plus growing demands from government representatives, the outlook for a return to normal anytime soon doesn't look promising.
And on Wednesday, a lawsuit filed in the U.S. District Court for the Northern District of California accuses Sony of failing to protect sensitive user data. Kristopher Johns, 36, of Birmingham, Ala., says Sony failed to let its customers "make an informed decision as to whether to change credit-card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions."
On Wednesday of last week, the PSN and Sony's Qriocity media service went down. Later that day, Sony posted a notice that it was aware of the problem, and would soon update users.
On Thursday, the company said it was still "investigating" the outage, and said it might take as much as a day or two to get the services back up.
Friday brought word from Sony that the cause was related to an "external intrusion," and that it had shut down the networks to deal with the problems.
A variety of Sony watchers surmised that the "external intrusion" could have been by members of the Anonymous hacker group. With several major new game titles just coming out this week, the timing of the outage was particularly suspicious.
Anonymous has denied involvement, while simultaneously posting updates to its Facebook page that suggest it could have been involved. On its AnonNews web site, where anyone can post, there is a notice dated Friday titled For Once We Didn't Do It. The posting noted that, while some individual Anons could "have acted by themselves," AnonOps was not involved and "does not take responsibility for whatever has happened."
The posting added that the "more likely explanation is that Sony is taking advantage of Anonymous' previous ill will toward the company to distract users from the fact that the outage is actually an internal problem with the company's servers."
However, on Anonymous' Facebook page, the page owner posted last week that "we have no qualms about our actions" while discussing the outage.
During the weekend, Sony said it was "rebuilding" and strengthening its network, and by Tuesday it revealed that there had been "a compromise of personal information as a result of an illegal intrusion on our systems." It said a notice was sent to the tens of millions of registered account holders, and added that it took a few days to determine that a security breach had occurred.
Meanwhile, Sen. Richard Blumenthal (D-Conn.) wrote a letter to the company on Tuesday saying that a security breach of this size, involving many users who are children, "raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data." He particularly criticized the delay in notifying users.
Britain's information commissioner has also said he will be looking into the situation.
"This has really been as close to a disaster as you could probably imagine," said Michael Gartenberg, research director and analyst at the Gartner Group. He said information released at the beginning was wrong, the company kept promising the network would be back up soon, the security breach was only recently announced, and Sony has been "going about this as if its business as usual."
Gartenberg said he expects that, at the very least, the incident will raise questions in users' minds about whether they want to trust Sony with their confidential information in the future.
Mike Kent also contributed to this story.