Sony: A data breach caused the PSN outage

by Steve Ragan - Apr 26 2011, 21:47

Sony has confirmed that a data breach was the cause for the PSN outage, now in its sixth day. In a vague letter to customers, the gaming giant warned that personal information was compromised. In addition, it fears credit card details were also included in the loss.

On April 17, an unknown number of PSN and Qriocity accounts were compromised. As a result, Sony shut things down in an attempt to mitigate the situation, allowing it time to correct underlying issues and launch a full investigation. Initially, the service outage was blamed on Anonymous, considering the group's past actions against the Japanese electronics giant.

“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained,” Sony's letter explained [the full letter can be read here].

Moreover, out of an abundance of caution, the firm explains, it is also warning customers that credit card details, excluding security codes but including account number and expiration dates, were exposed.

[Edit: Fixed typo and explained the credit risk. -Steve]

“To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports,” Sony added.

Sony is not providing credit monitoring. Instead, it is advising customers to obtain free yearly credit reports. Under U.S. law, each citizen is allowed one report per year from each of the credit bureaus. Likewise, Sony has advised customers to place fraud alerts on their credit files.

“For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information,” the letter continued.

“We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible.”

Again, the number of accounts breached by the attack is unknown. However, Sony can count tens of millions of gamers amongst its registered user base.

The Tech Herald has reached out to Sony for more information, and will update this story as we have it.

Around the Web