As was predicted, the account details of several million PSN users was compromised and stolen. Details including your name, address, country, email, birthday, and PSN username and login password are in the hands of someone else.
They claim there is no evidence that credit card info has been stolen, but it’s no laughing matter. When something like this happens, you simply assume that it’s been stolen and raise flags everywhere you can. A piece of good news on this however is that the 3-digit security code found on credit cards has not been stolen. However, if several million credit card numbers have been stolen, a 1/1000 chance is not a far stretch.
Despite this major screw-up, they are doing what they can to give advice to the PSN users in case such details have been stolen by giving links to credit bureaus and reminding them that US residents are legally entitled to free credit reports from said bureaus.
Despite this, the damage has well and truly been done. It is likely that Sony will be facing a massive class-action lawsuit in the near future, losing a massive amount of their users, and an incredible blow to their bottom line. They better do everything in their power to make this right with people. Normally I roll my eyes at people who demand compensation for downtime, but this is a completely different matter.
In addition to all this, the Connecticut Senator Richard Blumenthal has pitched a letter to the SCEA president and CEO Jack Tretton, chastising him because the customers are not being properly informed to what the situation involves. His letter is reproduced below.
April 26, 2011
Mr. Jack Tretton
President and CEO
Sony Computer Entertainment America
919 East Hillsdale Boulevard
Foster City, CA USA 94404
Dear Mr. Tretton:
I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.
It has been reported that on April 20, 2011, Sony’s PlayStation Network suffered an “external intrusion” and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.
When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.
I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.
PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.
United States Senate
Not only has Sony lost a large amount of faith from its massive userbase, they have gotten on a Senator’s bad side. When someone with a strong hand in politics shows personal outrage, then there will be severe consequences down the line for the company.
I’m not a lawyer, but I’m sure there are several laws out there that require companies to secure personal information entrusted to them. If they’re as harsh as I think they are, I can see several million counts of breach against them.