Sony: Personal info compromised on PSN

April 29, 2011
Cyber Security, FedCyber Wire
No Comment


Sony acknowledged today that the personal information of its PlayStation Network customers has been compromised.

The company posted an update on its blog today warning its more than 70 million customers that their personal information, including customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and user names, as well as online user handles, was obtained illegally by an “unauthorized person.” The data was accessed between April 17 and 19, according to Sony.

With respect to credit card information, which many users have given to Sony in order to purchase or rent content via the service, Sony is less sure of what transpired.

“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” a company spokesman wrote today. “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”

And as a result, Sony has temporarily turned off PlayStation Network and Qriocity, its subscription music service, contracted with an outside security firm to investigate the intrusion on its network, and started to rebuild its system and security. Sony would not say whether the company had contacted the FBI or any law enforcement about the breach.

It took Sony five days to level with its customers about the consequences of what knocked its service offline. Midway through last week users noticed error messages when trying to sign into the service. While the company initially acknowledged the service was inaccessible on Friday, it offered no explanation of why and said PSN would be back up and running in a “day or two.”

Continued here.