* U.S. lawyers focused on data breaches eye legal action
* British government watchdog launches investigation
* U.S. state attorneys general also discussing incident
By Tom Hals and Leigh Jones
WILMINGTON, Del./NEW YORK, April 27 Sony Corp
(6758.T) could face legal action across the globe after it
belatedly revealed one of the biggest online data breaches
One U.S. class-action lawyer said he was considering filing
a lawsuit on behalf of consumers as soon as this week, after
hackers accessed personal details on 77 million users of the
company's online PlayStation Network gaming service.
Also, a government watchdog in Britain said it had already
launched an investigation of the incident, which put credit
card information at risk.
In the United States, the Iowa and Connecticut attorneys
general, who act as consumer advocates for their states, were
discussing the matter with their staff, according to their
"This is a huge data breach and the clients who have called
are really upset, not just because of the data breach but it
looks like Sony sat on information for as much as five days,"
said Jay Edelson, an attorney at law firm Edelson McGuire.
Edelson's firm specializes in class-action lawsuits over
data breaches. He said he would decide in the next 24 hours
whether to sue.
Sony did not immediately return a call on Wednesday seeking
Sony said on Tuesday that hackers stole names, addresses
and possibly credit card details from users of its PlayStation
Network. For details, see [ID:nN26297307]
While the Japanese electronics company pulled the plug on
the network on April 19, it did not tell the public about the
hackers' attack until Tuesday.
The disclosure sparked immediate outrage among gamers
[ID:nL3E7FR05U] and revived criticisms of Japan's corporate
culture that plagued Toyota Motor (7203.T) during its huge
automotive recall in 2010. [ID:nL3E7FR1S8]
"Waiting five days and giving misinformation, which we
believe they did, is really going to be problematic for Sony,"
That could prove to be critical because Sony's customers
were not given the chance to protect themselves, putting the
company on the hook if stolen credit-card data was used by the
hackers, he said.
A Sony spokesman has said that after learning of the breach
it took "several days of forensic investigation" before the
company knew consumers' data had been compromised.
Sony reported the breach to the FBI's cybercrimes unit in
San Diego, which is investigating, a person familiar with the
probe told Reuters. The person was not authorized to discuss
the matter publicly.
Britain's Information Commissioner's Office said it had
contacted the company and was investigating whether Sony
violated laws that require it to safeguard personal
The commissioner's investigation would depend in part on
whether Sony stored user information in Britain.
Sony may come under the toughest scrutiny from non-U.S.
regulators, which have stricter consumer privacy laws.
"European countries are going to go crazy and be all over
this," said Dan Burk, a professor at the University of
California, Irvine School of Law. "They are absolutely obsessed
about companies holding personal information."
Burk said subscribers will need to show they suffered
damages as a result of the hacking for a U.S. lawsuit to have
"If it was just hacking for fun, then it's going to be
tough," he said of the prospects for a potential U.S. lawsuit.
However, users would not have to show damage in other
countries, and Burk said Sony could face fines and penalties
from privacy commissions outside the United States.
The U.S. Federal Trade Commission has been known to pursue
companies that failed to safeguard consumer data. It could
investigate if it determines Sony failed to tell its customers
about the company's privacy policies.
A spokeswoman for the agency declined to comment.
(Additional reporting by Diane Bartz in Washington, Georgina
Prodhan in London and Dan Levine in San Francisco: Editing by