Sony, Visa and a few others have been trying to reassure PSN (PlayStation Network) that users credit card information is still safe in spite of unverified reports that money is already being stolen from customers. As we enter day 9, we are learning that not only are more governments getting involved, some are even taking the extra step of threatening the embattled company with fines over the data breach.
This outage has become quite a saga for Sony. It started with a temporary outage that grew in to a massive data loss and now, it’s become an international incident. With a story so large, it is becoming difficult to keep track of every development that’s going on in this story. Yesterday, both the UK and US government became involved in the data breach. Meanwhile, on the same day, a supreme court ruling that suggests that it is entirely possible for companies to shield themselves from class action lawsuits. Whether or not that could hamper the current class action lawsuit has been a subject of debate. Geohot, a hacker who discovered the PS3 root keys, weighed in on this himself saying that Sony should have hired more security experts instead of lawyers.
So, what’s the latest developments on the most talked about story here on ZeroPaid? We begin with news from a Chinese outlet, China Post which is reporting that Taipei City has send a letter to Sony demanding answers to this fiasco. The letter says that Sony must fix the problem within ten days or face fines between NT$30,000 and NT$300,000. From the China Post:
Taipei City Government Law and Regulation Commission Chairman Yeh Ching-Yuan said Sony’s leak severely compromises PSN subscriber identity which should be considered a clear breach of consumer property rights.
According to the Consumer Protection Law, business operators are responsible for “facilitating the safety of the consumer life of nationals, and improving the quality of the consumer life of nationals.”
Yeh said Sony Corp. must provide the number of subscribers in the Taiwan area and explain why, although the cyber attack occurred between April 17 and 19, that it did not turn off the hacked services until April 20 and did not offer an official explanation until April 26. Furthermore, Sony Corp. must detail the risks and possible impact inherent in the leaked user information and offer methods of repair as well as compensation.
That government in China isn’t the only government now getting involved. Canada’s privacy commissioner is also investigating the incident. There’s only so much the Privacy Commissioner of Canada can do (fining a company is not something the commissioner can do). While the commissioner isn’t happy that Sony did not notify them of the breach, Sony isn’t technically required to do so. From Edmonton Journal:
“We are currently looking into this matter and are seeking information from Sony,” Valerie Lawton said in an email. “We will determine next steps once we have a full understanding of the incident.”
“It is also possible that your profile data, including purchase history and billing address, and your PlayStation Network/Qriocity password security answers may have been obtained,” Sony told users on its blog Tuesday.
Australia’s privacy commissioner is also getting involved. The concern for Australia’s privacy commissioner was whether or not Sony notified customers of the data breach fast enough. From Smart Company:
“I am very concerned by news reports that hackers have stolen data from users of the Sony PlayStation Network,” privacy commissioner Timothy Pilgrim said in a statement.
“Our office is contacting Sony seeking further information about this matter and we will be opening our own investigation.”
While the PlayStation Network – which services over 70 million customers and over 700,000 in Australia – was brought down last week, it was only in the past few days that Sony confirmed a breach of the network had occurred.
Meanwhile, US government involvement has increased as the Department of Homeland Security is now being called in to help investigate the data breach. From Gama Sutra:
“The Department of Homeland Security is aware of the recent cyber intrusion to Sony’s PlayStation Network and Qriocity music service,” DHS spokesman Chris Ortman told government technology site NextGov. “DHS’ U.S. Computer Emergency Readiness Team [CERT] is working with law enforcement, international partners and Sony to assess the situation.”
So, overall, there are 5 countries involved now, the US, UK, Canada, Australia and a city government in China. If anything else, this further shows just how big this data breach really is.
Sony has been in damage control mode yesterday saying that users data is safe because they did encrypt the information after all. This was amidst a handful of unconfirmed reports that users money was already disappearing from their accounts. While Sony and even Visa might be saying that they have no evidence to suggest that users credit card information hasn’t been stolen, more reports are surfacing that users credit cards have been stolen.
One man in Australia reported to ABC that a total of $2,000 AU in unauthorized charges had been made on his credit card. From ABC:
Sony has shut down the network while it tries to figure out how hackers were able to steal the details of so many customers.
Adelaide man Rory Spreckley checked his banking details on Wednesday and got a shock.
“I logged into my bank account just to check everything was OK and I found out there was some just over $2,000 in charges which I didn’t personally accrue,” he said.
The scary thing is, he isn’t alone in these reports. Another report surfaced on Twitter saying that $1,500 was charged to another persons credit card. While it’s unconfirmed that that incident was directly related to the Sony data breach, it certainly has the Twitter user on edge.
In fact, one unconfirmed report suggests that these stolen credit cards are being sold in underground market places in bulk. One user is apparently saying that they obtained 2.2 million cards from the breach. From The Guardian:
Kevin Stevens, a security analyst with Trend Micro, said in a tweet that “the hackers that hacked PSN are selling off the DB [database]. They reportedly have 2.2m credit cards with CVVs” – the latter being the three-figure number required for “card not present” transactions.
But Stevens added that he couldn’t be sure the claim was true. The hackers were also claiming to have offered to sell the database back to Sony, but that the company declined it. Sony spokesman Patrick Seybold said that as far as he knew there was no truth in that claim.
Speculation is growing that the hackers who carried out the attack could be European, based on the names being used in forums, though no further details have emerged so far.
One reader of Venturebeat said he had been contacted by Sony and told that his card might have been compromised, and discovered two new charges totalling $400 he hadn’t made.
Meanwhile, one report is saying that Sony is not going to be resetting users accounts. Gamepur quoted James Gallagher, SCEE Blog Manager as saying, “We’re not resetting accounts or anything like that, so when PSN is restored and you log on, everything will be as you left it.”
So, overall, it sounds like Sony is trying to project the image that no credit card information was stolen. As increasingly credible reports surface that users credit cards have, in fact, been stolen, that might become an increasingly difficult sell to the public.
Do you think that credit cards have been stolen at this point or do you think that reports of stolen money not true?
Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at [email protected].
Related Stories
- PSN Outage: Day 7.5 – Sony Hit with First Class Action Lawsuit
- PSN Outage: Day 9.5 – Sony Hit With Second Class Action Lawsuit
- PSN Outage: Day 8 – Governments Get Involved Over Data Breach Fears
- Sony Details “Welcome Back” Program for PSN Outage
- PS3 Hacker on PSN Outage: Blame Sony Execs, Not Engineers
@Justice- for the last friggin time, Anonymous was not responsible. if they were, Homeland Security would have already been up their arses. it was a Chinese cybercrime scheme, according to few sources. maybe European hackers.
this is why i never use cc…. when sony tells all of you “oh cc numbers were comprimised”, most of you should have seen this coming. its not sony’s fault idiots would put their own cc numbers and CVV’s, no system is perfect, so quit whining and tough it up, go to your local Rite-Aid or Wal-Mart and get a points card. no matter how long this outage is, its not worth getting an Xbox, because: you get an Xbox, open it, throw away the reciept, set it up, play online. then the next day, PSN could possibly get back up, and thats easily up to 400 dollars gone down the kitchen sink. unless you’re a Kinect fanboy.
This is a big freaking deal. I personally don’t care for “get over it” comments. I paid money to play an online game and completely understand everyones remarks are from frustrations as I too am frustrated. I would have liked to seen services returned days ago or a refund check in the mail. To the other half of people whom seach forums to insult the masses you are surely the lifeless, mommas basement living, right hands your lover, losers who have no place on the forums. Remove your shoelaces and do the world a favor by hanging from the ceiling fan. Cya in the next life where you’ll no doubt have a negative comment about it being to hot in hell. Until then, ba bye!
“So, overall, there are 5 countries involved now, the US, UK, Canada, Australia and a city government in China. If anything else, this further shows just how big this data breach really is.”
“China” should be clarified to “Taiwan” or “Republic of China”.
Sh!t my cc has fkn unauthorized usage of $3200 fck sony, cc’s are compromised…for everyone, cause so did my bosses cc got charged $868.54
Aaron if you had a ps3 and you got ur information hacked then you would, wait a minuite your probabley like 2 yrs old and have a nintendo ds
I would imagine services will be up & running sometime in May under their new name Sony Network Entertainment with a few twist?
kinda your fault also putting your personal info on a piece of equipment that could be hacked at any given time. i laugh @ all you cry babies bout your info. maybe just once get off your lazy fat @$$ and go to walmart and buy PSN card. maybe just maybe you wouldn’t be crying bout your CC info. HAHA to you dumb brainless idiots!!!! i have nothing to worry bout i sit here and laugh my @$$ off at your guys comments crying! GO SONY!!!!!!!!!!
I hope this is a wake up call to anyone who uses a cc. You put the information online when you use the card to buy online crap. Sony had it secured, but the hackers got around it. There’s nothing Sony could of done, and if you say “they should of had it more secured”. Think of the situation like this, you have the latest anti-virus software, but you somehow get a trojan on your pc. Is it your anti-virus fault? No. People are going to keep trying to get around security. BTW my account was “stolen”, but I had no cc, and trivial info about myself.
“S#!T, i don’t care what it say. just let me know that you know that you need me more then i need you. ”
YOUNGING, they don’t need you and don’t give a damn about you. You might want to reconsider your loyalty to them.
i just can’t take it. 9 days past with no PSN. I’m a man that works day in & out. i don’t get much time 2 play but, i always had SONY. I remember when Playstation didn’t even have a number next to it. my family & I have spent a lot of money since `95. So i believe that SONY owes me a email, text or a letter (yes i said letter.. “i’m old school “). S#!T, i don’t care what it say. just let me know that you know that you need me more then i need you. I love BLACK OPS & i could play it on the 360 but, i will never buy that S#!T. So until PSN is up my kid gets to Wii-out. P.S. the one day i get off from work in a month; only because it was my Birth Day & PSN is down. all i wanted was “BLACK OPS`s ZOMBIES & BEER”
ITS NOT ABOUT “loyalty to them” I just can’t waste my time or money on more then one “corporate giant“. Also when I say ME it means US the Consumers around the world. I’m a good customer. I did my part by buying SONY, so do your part by keeping it WORKING.
“People who are threating sony with fines and sueing them are xbox fan boys and losers with nothing better to do then whine like babies well they wait for sony psn to come back up stop being little kids grow some balls and learn to be like people where 60 years ago when we just got over things instead of whineing 24/7″
@Aaron….Whining? Maybe YOU should be the idiot that has YOUR information stolen… and THEN we will see who whines…I personally think you would cry like a big baby! What a troll!
Aaron are you typing that from $ony’s main office or are you working at home as part of their p.r. team that is trolling the net for anti-$ony opinions?
so anyone who supports sony is paid by them? think about what you say before you say it man.
Here’s a fact that might be worth a thought. Remember how in the beginning $ony lied and said it’d only be down a day or two and that there was no security breach? Well what if what they are saying now is ALSO a lie? What if it’s even worse than they are letting on?
People who are threating sony with fines and sueing them are xbox fan boys and losers with nothing better to do then whine like babies well they wait for sony psn to come back up stop being little kids grow some balls and learn to be like people where 60 years ago when we just got over things instead of whineing 24/7
@ Aaron,
You want 70 million users that lost their personal data, potentially including credit card details, by a careless corporate giant to just get over it? I think not!
What kind of corporation manages to suffer such an epic breach of security when only a couple of weeks before the incident they received ample warning in the form of “anonymous” hacking community declaring war on Sony!?!? An incompetent one, that’s the kind of corporation Sony is. FFS they got a warning, they knew attack was imminent and they still failed to protect 70 million users’ data. Not only did they fail to protect the data but they then failed to inform the users that their data had been stolen.
Incompetent, irresponsible – two words that describe Sony very well.
Epic fail Sony!!!
Too bad that I already own a PS3. Yes I will be playing it
but I know I won’t be buying another Sony product!
congrats u have been put on my fag list u dushe bag