Sony Breach a Result of PCI Compliance Failure


As a result of Sony’s network security breach, as many as 2.2 million customers may have had their credit card information compromised. Certain sources allege that this data is now for sale on the black market. In the age of Payment Card Industry Data Security Standards, how could this information have been vulnerable and who is to blame?

The PCI Security Standards Council would point the finger at Sony. Businesses have all the guidance and equipment at their disposal to keep customer information safe. If they fail to adhere to the standards or don’t take them seriously, we end up with dreadful situations like this. The Ponemon Institute estimates the average per-customer cost of a data breach to be around $200. If 2.2 million customers have indeed been compromised, then Sony will have about $440 million at stake. And that’s just the tip of the iceberg. There are over 77 million PlayStation Network players, all with varying levels of private information in the network’s files. All things considered, the potential damage could exceed $15 billion.

And it’s already begun. PlayStation gamers recently filed a class action lawsuit in Sacramento, CA. Ira Rothken, the lead attorney handling the case, is quoted in the Green Sheet: “I can’t think of a major data breach where the company was PCI compliant,” he said. “I think it is likely Sony was not PCI compliant. There were a lot of red flags that suggest Sony knew or should have known their system was vulnerable.”

It’s a shame Sony didn’t heed our advice earlier. In January we wrote that 60% of merchants are unaware of the costs they would incur for a data breach. Full compliance involves a lot of things, including an annual self-assessment test. Even the corner deli is subject to these mandatory procedures. For information on how to avoid the situation that Sony is in, please refer to the PCI Compliance section of our site.

Seriously. If Sony is vulnerable, you probably are too.

– deBanked

Last modified: February 21, 2013
Sean Murray

Category: Merchant Processing, MPR Authored
