April 27, 2011

Personal Data Stolen From PlayStation Network

Sony Corp. said on Tuesday that the personal data of PlayStation users worldwide has been stolen in a hack that forced its network offline for the past week.

In a message posted on its U.S. PlayStation blog, Sony said an "illegal and unauthorized person" obtained names, addresses, email addresses, birth dates, user names, passwords, logins, security questions and more.

The company said some services would be restored in a week, but industry experts said the scale of the breach could cost the company billions of dollars.

"Simply put, one of the worst breaches we've seen in several years," Josh Shaul, chief technology officer for Application Security Inc., told The Associated Press.

Sony said it has no direct evidence credit card information was stolen, but said "we cannot rule out the possibility."

"Our teams are working around the clock on this, and services will be restored as soon as possible," it said in a blog post Tuesday.

Sony shut down its PlayStation network last Wednesday after it said account information was compromised for certain players.

The Japanese-based company said people in 59 nations use the PlayStation network.  About 36 million of the 77 million accounts are in the U.S., 32 million are in Europe and 9 million are in Asia.

Sony said purchase history and credit card billing address information may have been stolen but the intruder did not obtain the 3-digit security code on the back of the cards.

A spokesman for the company said that after learning of the breach it took "several days of forensic investigation" before the company knew consumers' data had been compromised.

U.S. Democratic senator Richard Blumenthal sent a letter to Sony asking it to explain why it did not notify PlayStation owners sooner.

Alan Paller, research director of the SANS Institute, told Reuters the breach may be the largest theft of identity data information on record.


On the Net: