It’s about time someone called corporations on this type of self-serving rule change. As a business owner, I can’t blame them for trying to limit their liability. I’d probably do the same thing in their shoes (though I hope I’d find a way to be more fair about it). But as a consumer it always infuriates me when a company high-handedly says “we’re changing the rules, like it or lump it.” Especially as the changes are always detrimental to the consumer in some way, and every company out there always includes the “we’re allowed to change the rules any time we want, and you just have to take it” rule.
I understand the economic reasons why it could never happen, but I really wish there were a way for the individual consumer to hold companies to their promises, rather than relying on large groups of us to get pissed off enough to file a class-action suit.
The reason why they changed the rules is because previously they were engaging in behavior that was lawsuit-worthy, and they wanted to make sure that in case they couldn’t figure out or care enough to stop, they’d get away with it.
(Unpatched fresh-from-the-distro-disks Apache on internet-facing servers coupled with unencrypted credit card databases; it’s like they had no competent IT department at all, yet when it came to their own financial security, they had encryption and DRM up the wazoo. Yup, lawsuit-deserving behavior.)
It’s more like they didn’t want to spend the money on those servers. Obviously they have competent IT people, and could have told them to protect the gaming network as well as their main ones, but the gaming network just wasn’t seen as important enough to warrant that.
The unencrypted credit card databases, more than anything else, are what’s lawsuit-worthy. If data is worth entering into a database, it’s most likely worth protecting, and said database should be encrypted by default. Any database holding customer data, especially one with customer credit card information, should be protected with the strongest protections feasible. If you treat your customers like they don’t matter, they won’t be your customers for very long.
But all that is beside the point of the article, which was about the fallout from the hack, not the hack itself.