Sony T&C: No Liability For Data Loss

The Internet is awash with people demanding compensation as their personal data is now in the hands of hackers but they may be in for a shock if they take legal action against Sony. MCV has noted the following statement in the Sony Online Terms & Conditions:

We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network.

Sony may be liable to a fine from Information Commissioners Office (ICO) of up to £500,000 if they are found to have broken the UK Data Protection Act but it appears that individual PSN users will not be able to claim any financial compensation.

Source: MCV



  1. Well I think we all saw that one coming.

    • shame they didnt see the hack coming

      • actually they did they noticed 10 days ago

    • I am rubber you are glue.

      • I’m neither glue or human

      • Erm, i’m ovine *looks sheepish*

      • *awkward silence* … anyone for some lamb kebabs?

  2. what a surprise, hidden in the massive small text is something that covers them from everything, including, if they came round and smashed your PS3 with a hammer probably.

    • they havent covered themsleves for this Sony has to comply with the law and inform its customers straight away of any breach to customers details they clearly did not do this and waited over a week to do so they are not out of the woods yet

      • well we don’t know when they found out customer details were compromised, all they knew when they shutdown the psn was that there had been an intrusion. Look at that case with, it took them 3 months after noticing an intrusion to realise email addresses had been taken. It’s perfectly possible that they only found out that user info was taken yesterday, there’s still no evidence whether or not credit card info has been compromised

      • sony can afford better security than they realised they had an intrusion 10 days ago it took them 4 days to shut the serves off normal people would shut their servers off immediately after finding out they an intrusion not wait several days to do so of corse they knew personal info was taken straight away it was a hack thats what some hackers do take personal info

      • well for a start your dates are wrong, from the information from the eu blog the intrusion happened between the 17th and 19th, they found out on the 19th and closed down the service there and then, there was no 4 days wait like you mentioned. Secondly, they didn’t immediately know personal info was even targeted, let alone compromised, It could have been people trying to shut down the psn like anonymous did, or trying to access any industry sensitive data that could be on the servers or any number of other possible targets. They did the right thing and hired a private internet security firm to investigate and when they could confirm that personal data had been compromised, they let us know. They still don’t know if credit card data has been accessed and will tell us when the do. Ultimately, whether or not sony’s data was secure enough to begin with, I feel they have handled this pretty well and kept people updated without unnecessary panic, a difficult feat in this world of 24 hour news

      • Since the horse bolted, they have shut the stable door extremely well & handled things just fine IMO… Questions still exist about what Sony was doing before the horse bolted.

        If hackers were probing their system, why didn’t it flag up, did it take hours or days of probing to find the weak spots, again if so why didn’t it flag up. When the intrusion was taken place how come the security failed. 77 million accounts worth of day at maybe 1 or kilobytes per account means a 77GB to 154GB database was downloaded, this should have threw up some massive red flags, but didn’t. Within that database things weren’t as secure as they should be, passwords for example. There is also the issue of, exposed, seemingly unprotected servers (of some kind, I’m not technical enough to know what they are) running out of date software on an OS with known vulnerabilities, and many other questions which will probably surface in the coming days.

        but yes, from the moment Sony flicked the off switch they’ve done everything supremely well (apart from lie initially (yet again) that it was maintainence). Lets just hope they’ve not been incompetent with everything from the networks design leading up to the 19th

    • That’s actually quite a pertinent point. Obviously your example is a joke but the very reason that they can’t say ‘we can come and smash your console with a hammer’ is because that is a criminal act.
      If you handle credit card data you are legally obliged to protect it as far as reasonable. Failing to do so, as it appears is the case here, is a crime and is therefore excluded from and T&Cs just the same as your hammer example.

      • but Sony are the ones that had your credit/debit card details so they are liable to protect it at whatever the cost you cannot protect something that Sony has a hold of you can only protect your card and your details on the card once you hand those details over too Sony to buy stuff from the store their the ones that are liable to protect your details by law

      • Um, I was agreeing with you.

      • sorry I thoguh some of your post directed at me my apologies

      • It’s the reason that people always say “this does not effect your statutory rights”, because that would be an unfair contract term, as stated by the Unfair Contract Terms Act. In fact, IIRC (from a year of a barely attended Liability/Ethics Uni module) making claims like Sony has just done can in fact void the entire contract (ToS).

        Rookie move by Sony here.

  3. I’d rather they spent the money beefing up security.

  4. Sony have lost consumer trust. That loss is incalculable.

    • they have lost mine, I will only use PSN cards from now on and I will change all my details when it comes back online. Hardly buy anything anyway

      • or use those pre paid credit cards they cant take any money off them lol

      • Pre paid CREDIT cards?? lol

      • Same. Plus, I have a 360, so guess which console I’ll be going with when DLC or downloadable games come out on both…

      • pre paid cards that you have to money on to use and cant go overdrawn

      • so not a credit card then

      • yes its a credit you use it like you would a normal credit card but only you have to put money on it to use it making fraudulent activity on it virtually impossible

      • I think he’s trying to point out that what you’re describing is not a _credit_ card, the term debit card is more appropriate.

  5. i can actually say that i have read through the terms and conditions all the way and i seriously should of taken it into more consideration

  6. Terms & conditions, just like End User Licence agreements, doesn’t preclude a company from complying with the law.

    and whilst users may not be able to claim compensation from Sony directly it doesn’t mean there won’t be loads of class action cases from around the world happening, especially as an almost total lack of security on Sony’s part seems to be coming clearer and from increasingly reliable sources.

    It’s popcorn time over the next few weeks, that’s for sure.

    • European law states companies can not pass on information but that implies knowingly. Hopefully an investigation will find SCE security lacking so we have some protection in future.

      • but thats only if you dont agree to let them though if you let them do so thats your own fault

  7. oh man! I had around £20 in my PSN wallet. God I hope it’s still there :/

    • No money has been taken. Card details. Oh and they might have raided PS store.

  8. if sony are found to be criminally negligent in their security, then i doubt any license agreement will protect them.

    as i’ve said numerous times, the law overrides any license agreement.

    • completely agree Sony think they have themselves covered but they don’t

      • even the Democratic US senator for Connecticut, Richard Blumenthal has got involved for the US users and wrote a letter to Jack Tretton about it

    • didn’t gamestation or some other retailer put a clause in that stated by signing their agreement they now owned your soul.

      these license agreements are a joke, they know people never read the whole thing, face it, often they’re almost novel length documents, if you buy an audiobook on itunes, the license agreement can often be longer than the book.

      they know a lot of the stuff they put in them is totally unenforceable, and they put other clause int that say if another part is not legal then it’s not their fault.

      they have teams of laywers writing this crap so it’s as hard to read and understand as possible, not to mention long enough that you could spend days reading through it all.

      legal mumbo jumbo and fancy language to hide the fact they’re just trying to make it look like they can do whatever the hell they want when they know they can’t.

      they know that a lot of the time, people wont challenge it, many people will, incorrectly, assume that the license agreement is as good as a law.
      that if it’s in the agreement, it’s legal.
      well it’s not.

  9. actually they are liable according to the ICO regardless of what the T&C’s say

    • Doesn’t ICO only apply to data held on UK servers? It will only cover a small margin of data leaked.

      ICO did nothing about the unsecured data that was passed from BT to ACS LAW recently so if ICO won’t punish BT I can’t see them going after Sony with anything stronger than a wagging finger.

      • But the EU went after Google for doing the same.

      • yes thats true thats why theyve got involved because it involes 10s of millions of people not just a handful they wont just give a wagging finger theyl get bigger punishment

      • ICO won’t do anything, he’s too busy ferrying Yorda about

      • yorda ?

  10. That is unenforceable because that statement would require Sony take ‘reasonable’ care to protect your information. It looks very much like thay have not done so

    • So say you.
      I would say that up until now they’ve had a pretty good record with it. Or are you going to say that this is the first attempt anyone ever took at hacking it?

      • Absolutely, I admit that I am basing it on some of the info I have read which has come from reasonable but by no means 100% reliable sources.

      • first of all our passwords were never encrypted, thats a worry. Why weren’t they?

      • @c1990
        Unhashed passwords
        an out of date apache installation
        Running on a redhat server with known vulnerabilities… and much much more
        This info was known within a few hours, makes me wonder what will come to light over the next few days, especially if the hackers ever leak how they did it

        It’s almost like Sony’s security consisted of ‘are you a PS3, if the answer is yes – here help yourself to whatever you want’

Comments are now closed for this post.