Sony: Credit card info may have been stolen in hack

A hack that downed Sony's PlayStation Network and Qriocity last week may have taken members' credit card information and other sensitive data, Sony said. In a blog entry, corporate communications and social media head Patrick Seybold also said they are aiming to restore both services within a week. "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking," he said. He suggested that, once the PlayStation Network and Qriocity services are fully restored, users should log in and immediately change their passwords. Also, if they use their PlayStation Network or Qriocity user names or passwords with other unrelated services or accounts, they should change them as well. "To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports," he warned. Seybold said that the hackers may have also obtained members' personal information, including name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. Also, he said that it is possible that profile data, including purchase history and billing address (city, state, zip), and PlayStation Network/Qriocity password security answers may also have been obtained. Even sub-accounts for dependents may have been similarly compromised, he said. Measures vs identity theft Sony noted that United States residents are entitled under US law to one free credit report annually from each of the three major credit bureaus. At no charge, US residents can have these credit bureaus place a “fraud alert" on their file that alerts creditors to take additional steps to verify their identity prior to granting credit in their name. "This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file," it said. Restoration in 1 week Seybold said that Sony expects to bring back PlayStation Network and Qriocity services within a week. "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week. We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback," he said. He said that they discovered the hack between April 17 and 19, where PlayStation Network and Qriocity service user account information was compromised. The intrusion prompted Sony to:

• Temporarily turn off PlayStation Network and Qriocity services;
• Engage an outside, recognized security firm to conduct a full and complete investigation into what happened; and
• Quickly take steps to enhance security and strengthen network infrastructure by re-building its system to provide greater protection of personal information.