Now that Sony has figured out that hackers stole personal records for more than 77 million PlayStation Network users, everyone wants to figure out how much the incident has cost the Japanese company.
The estimates today range from $20 million in lost revenues for a couple of weeks to $24 billion for the full costs of dealing with the consequences of losing control of customer data.
Michael Pachter, an analyst at Wedbush Morgan, estimates that Sony makes about $500 million in annual revenue from PSN sales of downloadable games, movies, music etc. So that comes out to about $10 million per week, with a 30 percent profit margin. Over two weeks of an outage (Sony said it would be down for another week as the system is rebuilt), Sony will likely lose about $20 million in revenue and $6 million in lost profit.
Sony will also likely have to compensate users for downtime, which could come in the form of credits for free usage. Sony may also have to incur some expense to indemnify customers against credit card and identity theft. Pachter believes those expenses will likely be pretty small, mainly because he believes the hackers probably wont fully capitalize on the stolen credit card data. If they really wanted a big score on that front, he reasons, the hackers would hit a luxury retailer.
But Forbes cited a study by the Ponemon Institute, a think tank on security, that estimated the cost per person for a data breach is $318. That means the potential cost of the PlayStation Network breach could be more than $24 billion. That’s probably a stretch, but it is a reminder of how much data breaches can cost a company. The loss for Sony’s reputation is probably immeasurable.
Sony said, “We recognize that this may have had financial impact on our loyal customers. We are currently reviewing options and will update you when the service is restored.”
Meanwhile, Sony issued its own new information on how much it knew about the data loss and when. Sony spokesman Patrick Seybold said on the PlayStation blog today that it learned there was an intrusion on April 19 and shut the online game and entertainment services down on the 20th. It then hired forensic analysis experts to find out what happened, and the experts finally notified Sony yesterday of the full scope of the breach. That, Sony said, is why it took so long to share the data loss with the public.
Sony said it is still investigating the cause of the attack, and it declined to say whether Anonymous or another online hacking group was responsible for the attack, which came from the outside. Sony said that as it rebuilds the system, it is adding new countermeasures to prevent future attacks. The company is also notifying all users who had their data compromised via email messages. But Sony says it will not contact users asking them to verify their credit card numbers, as that is what email scammers would do.
Sony’s PlayStation Home virtual world and its Qriosity music and video services are also down, but Sony Online Entertainment, which has massively multiplayer online games such as Free Realms, is available. SOE was also disrupted by an attack but recovered more quickly from it.