With Sony admitting that its PlayStation Network was hacked
and that lots of personal info was accessed, you knew the reaction would be swift. Within a day we have class action lawsuits being filed
and new laws being proposed
. I agree that it was monumentally stupid of Sony to store passwords as plaintext rather than as hashes, which certainly leaves room for negligence claims, but will laws really make a difference? About the only reasonable response from a government official has been White House cyber boss Howard Schmidt (who has a history of being more reasonable
than many of his colleagues), who noted that getting hacked is a risk of doing business
, and it's not worth overreacting to Sony's situation:
"It's still a situation where specific incidents make it something it's not," he said. "Things make headlines that are just the risk of doing business in many cases."
But, of course that won't satisfy the class action lawyers or the politicians who are all over this. Beyond the plans to introduce laws, we've already seen that Senator Richard Blumenthal, who was a massive grandstander as Connecticut Attorney General, has continued his grandstanding ways with a public "demand for answers"