After being spectacularly hacked multiple times earlier this year, Sony has decided it’s tired of being sued for its security failures and other issues and is requiring gamers on its Play Station Network to sign an agreement saying they won’t join class-action lawsuits to take the tech giant to court in the future.
Sony quietly updated its terms of service (.pdf) last week to require online gamers to agree to waive their right to any class-action lawsuit in order to log in to their network accounts. Updates to the 21-page, 10,000-word agreement would force current and new players alike to take any grievances to an arbitrator instead. An exclusion exists for disputes that would normally be filed and resolved in small-claims court.
Players have 30 days after signing the agreement to void the arbitration agreement and retain their right to file a class-action lawsuit, but only if they send a letter to Sony, via regular post, asserting they do not consent to the arbitration clause.
Class-action bans are becoming standard in terms-of-service agreements offered by large corporations. The Supreme Court ruled last April that companies can ban class-action suits from customers as long as their agreements allow arbitration to settle disputes. Companies know, however, that consumers are less likely to pursue arbitration or court action – or attract the interest of an attorney – if they have to do so individually.
Sony’s move comes four months after hackers breached its PlayStation Network in April and stole data pertaining to more than 75 million customers. This was followed by another breach at Sony Online Entertainment, which compromised an additional 25 million customers, and still more breaches at Sony Pictures and Sony BMG. The initial intrusion forced Sony to take its Play Station Network offline for 40 days.
The tech giant was hit with a class-action lawsuit by customers in April complaining in part that the company failed to adequately secure their data, failed to notify customers of the breach in a timely manner and deprived customers of the use of the network for an extended period of time.
Sony estimated the breaches would cost it more than $170 million this year, including expenses for shoring up its network against future attacks.
No one has claimed credit for the large breaches, but Sony claimed that a calling card associated with the online griefer group Anonymous was found on one of the servers compromised at Sony Online Entertainment. The group had vowed to target Sony to protest the company’s lawsuit against PlayStation 3 tinkerer George Hotz.
Sony said a file named “Anonymous,” containing the words “We Are Legion” – a tag line regularly used by Anonymous – was left behind by the intruders.
Sony first discovered evidence of a hack on April 20 but waited until the 26th to notify PlayStation Network customers. The company said it notified customers the day after forensic investigators told it that the hackers had obtained personal information of millions of customers.
The hackers also had access to the credit card information of more than 12 million customers, but Sony maintained that the cards were not at risk since they were stored in an encrypted format.