Second Sony Data Breach Exposes Personal Data of 24 Million Consumers
Monday, May 09, 2011
You've probably heard of the massive Sony Playstation Network data breach that affected 77 million customers. Well, there has been a second Sony data breach.
In a May 2 press release, Sony Online Entertainment (SOE) announced that hackers had breached its servers and stole consumers' sensitive personal information, including name, address (city, state, zip, country), email address, gender, birth date, phone number, sign-in credentials (e.g., login name and hashed password), and debit/credit card account information:
"Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained."
The stolen bank account data included bank account number, account holder name, and account holder address. All of the above stolen personal data is sufficient for identity criminals to open fraudulent accounts and/or access existing accounts. SOE is notifying affected consumers via e-mail with Innovyx, their third-party email distributor. Reportedly, the e-mail notifications will contain either 'soe.innovyx.net' or 'soe.sony.com' in the sender field. SOE has also:
"Temporarily turned off all SOE game services; engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and quickly taken steps to enhance security and strengthen our network infrastructure..."
In a May 3 press release, SOE announced an update of their breach investigation:
"This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen..."
Since SOE gaming websites are down, SOE will add 30 days onto its customers' subscriptions and compensate them for each day of downtime. SOE produces popular, multi-player online games, including EverQuest, EverQuest II, Champions of Norrath, Clone Wars Adventures, and DC Universe Online.
Given that debit and credit card data was stolen, consumers should check their bank accounts for fraudulent entries and change their sign-in passwords. The SOE breach notification contains the usual disclosures advising consumers to check their credit reports for fraudulent entries and to contact the U.S. Federal Trade Commission's identity theft website for advice and tips about how to protect themselves and their bank accounts.
Comments
You can follow this conversation by subscribing to the comment feed for this post.