Rootkit scandal
On 31 October 2005, a scandal erupted over digital rights management (DRM) software produced and shipped by Sony BMG that automatically installed itself on people's computers and made them more vulnerable to computer viruses. The scandal and attendant controversy about the practice of software auto-installation spawned several lawsuits. Sony BMG eventually recalled all of the affected CDs.
On November 16, 2005, US-CERT, the United States Computer Emergency Readiness Team, part of the United States Department of Homeland Security, issued an advisory on Extended Copy Protection DRM, citing the XCP use of rootkit technology to hide certain files from the computer user as a security threat to computer users, saying that a Sony-provided uninstallation option also introduced computer system vulnerabilities.
US-CERT advised, "Do not install software from sources that you do not expect to contain software, such as an audio CD."[7] In its "Top Flops of '05" issue, the enterprise newsweekly eWeek had to create a new category for the "Sony BMG root-kit fiasco." Peter Coffee of eWeek Labs reported, "The Sony brand name was already in trouble—it lost 16 percent of its value between 2004 and 2005....
Now it has taken a blow among tech-product opinion leaders. "We've never done it before, and we hope we'll never have [an] occasion to do it again but, for 2005, eWeek Labs awards a Stupid Tech Trick grand prize to Sony." eWeek Vol. 22, No.50
Kazaa file-sharing lawsuit
In October 2007, Sony BMG, alongside other large music firms, successfully sued Jammie Thomas for making 24 songs available for download on the Kazaa file-sharing network. Thomas, who made US$36,000 a year, was ordered to pay US$222,000 in damages. Thomas had allegedly shared 1702 files in total; the court upholding the award called it an "aggravated case of willful infringement".[8]