23 October 2014

Massive Sony data breach leaves card details at risk

27 April 2011  |  9530 views  |  0 biometrics - eye

More than 70 million Sony PlayStation Network customers are being warned to watch out for scams after the Japanese electronics giant admitted its systems have been hacked and personal information - possibly including credit card data - stolen.

After closing down its online gaming network last week, Sony has now begun e-mailing millions of users warning that "certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network."

The breach has left names, addresses, e-mail addresses and dates of birth compromised. Profile data, including purchase history and billing address, and PlayStation Network/Qriocity password security answers may also have been obtained.

Says the letter: "While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained."

The firm is warning users to watch out for e-mail, telephone, and postal mail scams and to change passwords when the service is back up and running.

In a blog explaining the delay in informing users about the hack, Sony says it found out about the intrusion on the 19 April and shut down the service but only realised the scope of the breach yesterday after bringing in outside experts and conducting forensic analysis.

However, users have reacted angrily to both the breach and Sony's handling of it, with many venting their fury through comments on the update blogs.

Says one, called carlosdfn: "This fiasco has completely changed my view of Sony. This is unacceptable and amateurish. It's like a bad joke. I hope that the people in charge of PSN's security are held responsible. Epic fail doesn't even begin to describe it, we're talking millions of people here who had their data compromised. The damage is done and people wont forget this."

Financial Fraud Action UK has moved to reassure worried Brits, issuing a statement insisting: "The banking industry has robust processes in place to protect its customers' accounts by monitoring for suspicious or irregular card transactions. If Sony confirms that card details have been compromised, and provides details to us of those accounts, card issuers can place alerts on these accounts. Further steps, such as blocking the account and/or issuing new cards can be taken if necessary. There is no need for customers to contact their bank or card company at this stage."

Update:

In its latest blog, Sony says: "The entire credit card table was encrypted and we have no evidence that credit card data was taken."

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related stories

26 April, 2011
11 April, 2011
04 April, 2011
04 April, 2011
01 March, 2011
15 February, 2011
07 February, 2011
03 February, 2011
28 July, 2010

Featured job

Basic £130-140K OTE £250K (no ceiling)
London based and across EMEA

Find your next job