Wednesday, April 27, 2011

At least some personal data compromised in PSN hack: Sony

Sony has confirmed what was feared: personal information was stolen during the hacking incident that led to the company shutting down both the PlayStation Network (PSN) and Qriocity.

Earlier, on Monday, Sony said the services would be down indefinitely. On Tuesday, the company finally gave a more verbose explanation about the outage.

Sony said the following types of personal data was compromised:
  • name
  • address
  • email address
  • birthdate
  • PlayStation Network/Qriocity password and login
  • handle/PSN online ID
In addition, the company says it is "possible" that the following was compromised:
  • profile data, including purchase history and billing address
  • PlayStation Network/Qriocity password security answers
  • If you have authorized a sub-account for a dependent, the same data with respect to that dependent may have been obtained
  • credit card data
With regards to credit card data, Sony isn't sure that data was compromised, but they said "we cannot rule out the possibility."  They recommend that users monitor their credit card statements closely, and also add information about the annual free credit report U.S. residents are entitled (under U.S. law) to, as well as giving out the information for the three major credit bureaus.

What they didn't do is offer free credit monitoring, which is something that some other companies or even government agencies have done in the past when credit card information has been lost in an incident like this. However, Sony did say it cannot confirm that credit card data was stolen. Still, it would have been a nice touch.

Of course, that would have cost Sony a pretty penny.

No comments: