Sony’s Security Breach May Be the Biggest Personal Data Heist in History


A huge amount of personal data was exposed in a recent Sony hack. Today, Sony disclosed that the security breach affecting almost 77 million PlayStation Network users, may also have affected 24.5 million users of Sony Online Entertainment, making this the largest personal data heist in history. Also at risk are the credit card numbers and expiration dates of 12,700 non-U.S. customers, plus 10,700 direct debit records from customers in Austria, Germany, Netherlands and Spain, containing bank-account numbers, customers’ names and addresses. This information was stored in what Sony said was an “outdated database from 2007.”

The personal information that may have been compromised includes names, birthdates, gender, physical and e-mail addresses, logins, passwords, and usernames. Credit card information, purchase histories and other profile data stored on Network servers may also have been stolen by the hackers.

 Sony is said to be working closely with law enforcement to catch the hackers, and are taking steps to enhance security and strengthen the network infrastructure.

What to do if you think your personal information has been compromised

  1. Change your user name and password, including the secret question and answer (such as your mother’s maiden name). And make sure that question and answer is not used in any other accounts.  If that kind of information has fallen into the hands of hackers, it could potentially be used for identity theft. 
  2. Review your account statements and monitor your credit closely.
  3. The attack opens up to potential phishing targeting or other forms of unsolicited contact by email or telephone, so be especially aware of email or phone calls asking you to provide sensitive information”. According to Sony, they will not contact you by email or phone to ask you to provide any personal identifiable information such as credit card number or social security number.

Useful links

Sony PlayStation Blog: http://blog.us.playstation.com/

Sony Online Entertainment: http://www.soe.com/securityupdate/

Federal Trade Commission: http://www.ftc.gov/bcp/edu/microsites/idtheft/

http://www.identitytheft.gov/